How to install Splunk on CentOS 7 Linux

in Linux / Unix by (552k points)

1 Answer

Best answer

1. How to install Splunk on CentOS 7 Linux
2. How to access Splunk on CentOS 7 Linux

Current operating systems have functionalities that allow recording every situation that occurs, both with the operating system itself and with its internal applications and components. This facilitates all the tasks that we as administrators must carry out in support, audit and error prevention.

Thanks to the event logs, it is possible to obtain details of shutdowns, reboots or logins in the system, access, editing of applications, and each of these tasks can become essential for administration efforts regardless of the size of the organization.

Splunk has been developed as a large-capacity software, which can be integrated to carry out business records management in real time in order to collect, store, search, diagnose and report any record or data generated by the company. Server and multi-line application logs are also included: structured, unstructured and complex.

This is why today TechnoWikis will explain what Splunk is and how to install and configure it on CentOS 7 Linux step by step.

What is Splunk?
Splunk is an operational intelligence platform, which allows system or network administrators to access much more complete details about values and information that can allow the company to be more productive, profitable, competitive and secure in all aspects, both internal and external.

Splunk manages two essential areas that are:

Operational intelligence
This allows real-time understanding of everything that happens in IT systems and technological infrastructure in order to make correct decisions, associated with errors and improvements to be made looking for the best benefit for all.
Machine data
These contain records of all activity and behavior of customers, users, transactions, applications, servers, networks and mobile devices among others; where configurations, API data, message queues and many more aspects are included.
Splunk features
Among the features offered by this platform we have:
Take data from any equipment information
Splunk can collect and index the registry and team data from any source; in this way it will be possible to combine the data of the equipment with the data in the relational databases, data stores and Hadoop and NoSQL data stores.
Open Development Platform
Developers can create new custom Splunk applications or integrate Splunk data into other applications; which gives us the opportunity to maximize the use of the platform.
Business class architecture
Splunk has a scale of automatic load balancing and clustering of multiple sites, in order to support hundreds of terabytes of data daily and thus optimize response times and provide continuous availability for administrators.
Splunkbase applications and add-ons
Splunk applications are available to take full advantage of the platform and thus increase its benefits.
Indexing
Splunk indexes data from the IT infrastructure. In this way it will be possible to obtain data from websites, applications, servers, databases, operating systems and much more.
Search
Search is the best alternative to access data in Splunk. It will be possible to save a search as a report and use it in order to feed the dashboard panels. In addition, these searches offer data information such as metric calculation, search for specific conditions and more.
Alerts
Splunk alerts notify us, in real time, when the search results meet the configured conditions. It is possible to configure alerts to trigger actions such as sending alert information to designated email addresses, posting alert information in an RSS feed and executing a custom script as required.
Reports
Splunk allows us to save searches and pivots as reports, to later add reports to dashboards as panels.
Pivot management
A pivot refers to a table, graph or display of data created with the Pivot Editor. The Pivot Editor allows users to add attributes defined by data model objects to a table, graph or data visualization without having to execute searches in the Search Processing Language (SPL) to generate them.
Boards
Splunk boards contain module panels such as search boxes, fields or graphs in order to display search results in real time.

System Requirements

The following operating systems are required to use Splunk:
  • Solaris 10 and 11.
  • PowerLinux, Little Endian kernel version 2.6 and higher.
  • zLinux, kernel version 2.6.
  • FreeBSD 10 and 11.
  • macOS 10.12 and 10.13.
  • AIX 7.1 and 7.2.
  • ARM Linux
  • CentOS 7.
  • Windows Server 2012, Server 2012 R2, and Server 2016.
  • Windows 10

1. How to install Splunk on CentOS 7 Linux


For this installation we have two options:
Option 1
The first is to go to the Splunk website, create an account and thus obtain the latest version available for the Splunk Enterprise download page distribution. RPM packages are available for Red Hat, CentOS and similar versions of Linux.

The official website is as follows:

Splunk
Option 2

Step 1

If you do not wish to use this method, we can use the wget command to download it directly to the system by executing the following command:
wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm&wget=true'


Step 2

Once the package download process is complete, we will install the Splunk Enterprise RPM in the default directory, which is /opt/splunk, using the RPM package manager as follows:
 rpm -i splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm 


Step 3

Now we are going to use the Splunk Enterprise command line interface (CLI) to start the service like this:
sudo /opt/splunk/bin/splunk start
First of all, we will need to read the license term agreements:


Then, we must enter the letter "y" to accept the terms of this license and press "Enter".


Step 4

Now we must assign, and confirm, the password of the administrator user, then press "Enter" again.


Step 5

The Splunk configuration and installation process will begin:


Step 6

If all installed files are correct and all preliminary checks are passed, the Splunk server daemon (splunkd) will be started, which will generate a 2048-bit RSA private key. In the final part we will see how to access the Splunk web interface:


Step 7

Next, we will open port 8000, on which the Splunk server listens, in the firewall using firewall-cmd as follows:
 firewall-cmd --add-port=8000/tcp --permanent
 firewall-cmd --reload



2. How to access Splunk on CentOS 7 Linux


Step 1

Once this is done, we will access the Splunk interface using the following syntax:
 http://SERVER_IP:8000
In the displayed window we will enter the admin user and the password that we defined during the configuration process already described, then click on "Sign In".


Step 2

This will be the initial application environment.
Step 3

To add data to monitor, click on the "Add Data" section and we will see the following. There we click on the "Monitor" section.


Step 4

In this case we will click on the category "Files & Directories".


Step 5

In the next window we must configure the instance to monitor files and directories for the data.


Step 6

To monitor all objects in a directory, we will select the respective directory. If we want to monitor a single file, it will be necessary to select it by clicking "Browse" to select the data source; the following will be displayed:


Step 7

Simply click on each line to display all its subdirectories where we will select the desired one. Once selected we click on the "Select" button.


Step 8

We will see this. Now we click on the "Next" button at the top.
Step 9

We will define the monitoring configuration of the selected data. Once this is defined, click on "Next".
Step 10

Then we will see a summary of the process executed; click on "Submit" to load the configuration.
Step 11

The following will be displayed; to start the monitoring process, click on the "Start Searching" button.
Step 12

The following will be displayed, where we can see each event by category with its respective information.
Step 13

To see all the data entries, we must go to:
  • Settings
  • Add data
  • Data Inputs
Then we will click on the type of view to see, for example, "Files and Directories", "TCP", etc.:


This will be the result:

Step 14

By clicking on "Files & Directories" we will see the most summarized data.

From the "Settings" section we can go to the "Monitoring" category in order to see more precise details of the server:


In this way, Splunk is an integral solution for monitoring various system elements in real time and with the best configuration features.


by (3.5m points)
edited
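The answer above installs Splunk interactively (license prompt, password prompt, `splunk start` as root via sudo). The script below is an added example, not TechnoWikis' own, that performs the same steps unattended and adds the two checks an administrator would want before `rpm -i`: the package digest is verified against a published SHA-512 file, and splunkd is run under a dedicated `splunk` service account rather than root. It assumes (none of this is stated on the page) the `download.splunk.com/products/splunk/releases/<version>/linux/` URL layout with a `.sha512` companion file in `sha512sum` format, the `user-seed.conf` mechanism for seeding the admin password before first start, and the `--accept-license --answer-yes --no-prompt` flags of the `splunk` CLI. The version and build id come from the package name in the answer.

```shell
#!/bin/sh
# Unattended Splunk Enterprise install for CentOS 7 (added example, not the original answer's script).
# Assumed, not taken from the page: download.splunk.com URL layout, the .sha512 companion file,
# user-seed.conf, and that a "splunk" service account should own /opt/splunk.
set -eu

SPLUNK_VERSION="${SPLUNK_VERSION:-7.1.2}"
SPLUNK_BUILD="${SPLUNK_BUILD:-a0c72a66db66}"   # build id from the answer's package file name
SPLUNK_HOME=/opt/splunk
SPLUNK_USER=splunk

# Build the package file name and release URL from version and build id (assumed URL layout).
splunk_rpm_name() {
    printf 'splunk-%s-%s-linux-2.6-x86_64.rpm\n' "$1" "$2"
}
splunk_rpm_url() {
    printf 'https://download.splunk.com/products/splunk/releases/%s/linux/%s\n' \
        "$1" "$(splunk_rpm_name "$1" "$2")"
}

# Compare a downloaded file against a digest file in sha512sum format ("<hex>  <name>").
# Returns 0 on match and 1 on mismatch; the installer refuses to continue on anything but 0.
verify_sha512() {
    file="$1"; sumfile="$2"
    expected=$(awk 'NR==1 {print $1}' "$sumfile")
    actual=$(sha512sum "$file" | awk '{print $1}')
    [ "$expected" = "$actual" ]
}

# Render user-seed.conf so the admin password is set at first start without a prompt.
user_seed_conf() {
    printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$1" "$2"
}

# Reject admin passwords shorter than the 8-character minimum Splunk enforces by default.
password_ok() {
    [ "${#1}" -ge 8 ]
}

main() {
    : "${SPLUNK_ADMIN_PASSWORD:?set SPLUNK_ADMIN_PASSWORD in the environment}"
    password_ok "$SPLUNK_ADMIN_PASSWORD" || { echo "admin password too short" >&2; exit 1; }

    rpm=$(splunk_rpm_name "$SPLUNK_VERSION" "$SPLUNK_BUILD")
    url=$(splunk_rpm_url "$SPLUNK_VERSION" "$SPLUNK_BUILD")
    wget -O "$rpm" "$url"
    wget -O "$rpm.sha512" "$url.sha512"
    verify_sha512 "$rpm" "$rpm.sha512" || { echo "checksum mismatch, aborting" >&2; exit 1; }

    # Dedicated service account: splunkd should not run as root.
    id "$SPLUNK_USER" >/dev/null 2>&1 || useradd -r -m -d "$SPLUNK_HOME" -s /sbin/nologin "$SPLUNK_USER"
    rpm -i "$rpm"
    chown -R "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME"

    # Seed the admin credential; Splunk consumes and removes this file on first start.
    mkdir -p "$SPLUNK_HOME/etc/system/local"
    user_seed_conf admin "$SPLUNK_ADMIN_PASSWORD" > "$SPLUNK_HOME/etc/system/local/user-seed.conf"
    chown "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME/etc/system/local/user-seed.conf"
    chmod 600 "$SPLUNK_HOME/etc/system/local/user-seed.conf"

    # First start as the service account, accepting the license non-interactively,
    # then register a boot-time service that keeps running as that account.
    su -s /bin/sh "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes --no-prompt"
    "$SPLUNK_HOME/bin/splunk" enable boot-start -user "$SPLUNK_USER" --accept-license --answer-yes --no-prompt

    # Same firewall rule as the answer's Step 7.
    firewall-cmd --add-port=8000/tcp --permanent
    firewall-cmd --reload
}

# Only run the installer when asked, so the helpers can be sourced or tested on their own.
if [ "${1:-}" = "install" ]; then
    main
fi
```

Run it as root with `SPLUNK_ADMIN_PASSWORD='...' sh install-splunk.sh install`. Keeping the digest check as a separate function that returns non-zero on mismatch, rather than piping into `sha512sum -c` and hoping `set -e` catches it, makes the refusal path explicit and easy to test with a deliberately altered file.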
