Install the Splunk Forwarder on Ubuntu

Install the Splunk Forwarder on Ubuntu

Get Social!

splunkThe Splunk Universal Forwarder is a small, light weight daemon which forwards data to your main Splunk server from a variety of sources.

This guide assumes that you have already installed the Splunk server to receive the data.

Download the Splunk Universal Forwarder .deb file from the Splunk website:

Upload the file to your Ubuntu server and place it a temporary directory.

Run the dpkg command to install the Splunk server.  The file name of the .deb file may change as new versions are made available so make sure that you have downloaded.

The output will look like the below. Once you see complete, the Splunk Forwarder installation will be complete.

Next we need to create the init.d script so that we can easily start and stop Splunk. Change the the Splunk directory and run the splunk executable with the below arguments.

Press SPACE to view all of the license agreement and then Y to accept it.

You can now start the forwarder daemon using the init.d script.

See reading log files with the Splunk Forwarder to read your first log file and send the data to the Splunk server.


Install Splunk on Ubuntu

Category : How-to

Get Social!

splunkSplunk is the heavyweight open source software which enables you to index, visualise and explore virtually any machine generated data. Splunk is often used to consume Apache and Nginx web server logs as well as website clicks and any other data which maintains a constant format.

Installing Splunk on any Debian based Linux distribution, such as Ubuntu, couldn’t be easier with the .deb package that available for download.

Visit the Splunk download page to download the Splunk .deb package:

Upload the file to your Ubuntu server and place it a temporary directory.

Run the dpkg command to install the Splunk server.  The file name of the .deb file may change as new versions are made available so make sure that you have downloaded.

The output of the command will look like the below example.

Next we need to create the init.d script so that we can easily start and stop Splunk. Change the the Splunk directory and run the splunk executable with the below arguments.

Press SPACE to view all of the license agreement and then Y to accept it.

Start Splunk with the service command.

You will now be able to access Splunk’s web GUI which is running on port 8000.

Open the URL in the browser and login with the below details:

  • User Name: admin
  • Password: changeme

splunk-dashboard-new


Visit our advertisers

Search

Quick Poll

Do you use GlusterFS in your workplace?

Visit our advertisers