Install the Splunk Forwarder on Ubuntu

Install the Splunk Forwarder on Ubuntu

Tags :

Category : How-to

Get Social!

splunkThe Splunk Universal Forwarder is a small, light weight daemon which forwards data to your main Splunk server from a variety of sources.

This guide assumes that you have already installed the Splunk server to receive the data.

Download the Splunk Universal Forwarder .deb file from the Splunk website:

Upload the file to your Ubuntu server and place it a temporary directory.

Run the dpkg command to install the Splunk server.  The file name of the .deb file may change as new versions are made available so make sure that you have downloaded.

dpkg -i splunkforwarder-6.0.3-204106-linux-2.6-amd64.deb

The output will look like the below. Once you see complete, the Splunk Forwarder installation will be complete.

Selecting previously unselected package splunkforwarder.
(Reading database ... 28352 files and directories currently installed.)
Unpacking splunkforwarder (from splunkforwarder-6.0.3-204106-linux-2.6-amd64.deb) ...
Setting up splunkforwarder (6.0.3-204106) ...
complete

Next we need to create the init.d script so that we can easily start and stop Splunk. Change the the Splunk directory and run the splunk executable with the below arguments.

cd /opt/splunkforwarder/bin/
./splunk enable boot-start

Press SPACE to view all of the license agreement and then Y to accept it.

You can now start the forwarder daemon using the init.d script.

service splunk start

See reading log files with the Splunk Forwarder to read your first log file and send the data to the Splunk server.

Install Splunk on Ubuntu

Tags :

Category : How-to

Get Social!

splunkSplunk is the heavyweight open source software which enables you to index, visualise and explore virtually any machine generated data. Splunk is often used to consume Apache and Nginx web server logs as well as website clicks and any other data which maintains a constant format.

Installing Splunk on any Debian based Linux distribution, such as Ubuntu, couldn’t be easier with the .deb package that available for download.

Visit the Splunk download page to download the Splunk .deb package:

Upload the file to your Ubuntu server and place it a temporary directory.

Run the dpkg command to install the Splunk server.  The file name of the .deb file may change as new versions are made available so make sure that you have downloaded.

dpkg -i splunk-6.0.3-204106-linux-2.6-amd64.deb

The output of the command will look like the below example.

Selecting previously unselected package splunk.
(Reading database ... 20803 files and directories currently installed.)
Unpacking splunk (from splunk-6.0.3-204106-linux-2.6-amd64.deb) ...
Setting up splunk (6.0.3-204106) ...
complete

Next we need to create the init.d script so that we can easily start and stop Splunk. Change the the Splunk directory and run the splunk executable with the below arguments.

cd /opt/splunk/bin/
./splunk enable boot-start

Press SPACE to view all of the license agreement and then Y to accept it.

Start Splunk with the service command.

service splunk start

You will now be able to access Splunk’s web GUI which is running on port 8000.

http://10.10.10.10:8000/

Open the URL in the browser and login with the below details:

  • User Name: admin
  • Password: changeme

splunk-dashboard-new

Visit our advertisers

Search

Quick Poll

How many Proxmox servers do you work with?
Results

Recent Posts

Visit our advertisers

Site Links
Blog
Rated Sites

JamesCoyle.net Limited