Last updated on August 9, 2019
Installing Splunk 7.2.0 on Ubuntu is super easy. I had a video introducing how to install Splunk on a Windows server in my previous post. This time, I am going to present the installation process for Splunk 7.2.0 on Ubuntu 18.04. The Ubuntu VM is running on Google Cloud Platform.
1. Create a new Ubuntu 18.04 LTS VM from GCP -> Compute Engine -> VM Instance
2. SSH into the Ubuntu VM from GCP -> Compute Engine -> VM Instance
3. Download Splunk from the Ubuntu VM
Script for the download link:
product="splunk" # values can be: splunk, universalforwarder
version="7.2.0" # Splunk product version
hash="8c86330ac18" # specific to each version
arch="amd64" # values can be: x86_64 (redhat, tgz), amd64 (ubuntu), x64 (Windows)
os="linux" # values can be: linux, windows
pkg="deb" # values can be: tgz, rpm, deb, msi
# Build the package file name; the layout differs per package type and OS
if [ "$pkg" = "tgz" ]; then
    filename="${product}-${version}-${hash}-Linux-${arch}.${pkg}"
elif [ "$os" = "windows" ]; then
    filename="${product}-${version}-${hash}-${arch}-release.${pkg}"
else
    filename="${product}-${version}-${hash}-${os}-2.6-${arch}.${pkg}"
fi
md5File="${filename}.md5"
echo "$filename" # Verify this is correct
# Fetch the checksum file and the package
wget "https://download.splunk.com/products/splunk/releases/${version}/${os}/${md5File}"
wget "https://download.splunk.com/products/splunk/releases/${version}/${os}/${filename}"
# OR
curl -o "$md5File" "https://download.splunk.com/products/splunk/releases/${version}/${os}/${md5File}"
curl -o "$filename" "https://download.splunk.com/products/splunk/releases/${version}/${os}/${filename}"
Download the Splunk package using wget:
[email protected]:~$ echo $filename
splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
[email protected]:~$ wget "https://download.splunk.com/products/splunk/releases/${version}/${os}/${filename}"
--2018-10-19 23:14:33-- https://download.splunk.com/products/splunk/releases/7.2.0/linux/splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
Resolving download.splunk.com (download.splunk.com)... 13.35.115.61, 13.35.115.82, 13.35.115.18, ...
Connecting to download.splunk.com (download.splunk.com)|13.35.115.61|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 261290760 (249M) [application/octet-stream]
Saving to: ‘splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb’
splunk-7.2.0-8c86330ac18-lin 100%[=============================================>] 249.19M 6.09MB/s in 41s
2018-10-19 23:15:15 (6.04 MB/s) - ‘splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb’ saved [261290760/261290760]
[email protected]:~$ wget https://download.splunk.com/products/splunk/releases/7.2.0/linux/splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
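The download script above fetches the .md5 file but never compares it with the package. As an added example (not part of the original post), the bash functions below do that comparison before installation; the function names are hypothetical, and the parser assumes the checksum file uses either the BSD "MD5 (name) = digest" layout or the GNU "digest  name" layout.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check a downloaded package
# against its published .md5 file before handing it to dpkg.

# Print the digest recorded for file name $2 in checksum file $1. Layouts accepted:
#   BSD:  MD5 (name.deb) = <32 hex>      GNU:  <32 hex>  name.deb
expected_md5() {
    awk -v name="$2" '
        $1 == "MD5" && $2 == ("(" name ")") && $3 == "=" { print tolower($4); ok = 1; exit }
        length($1) == 32 && ($2 == name || $2 == ("*" name)) { print tolower($1); ok = 1; exit }
        END { if (!ok) exit 1 }
    ' "$1"
}

# Return 0 on match, 1 on mismatch, 2 if the check could not be performed.
verify_package() {
    local pkg="$1" md5file="$2" want got
    if [ ! -f "$pkg" ] || [ ! -f "$md5file" ]; then
        echo "verify: missing $pkg or $md5file" >&2; return 2
    fi
    want=$(expected_md5 "$md5file" "$(basename "$pkg")") || {
        echo "verify: no entry for $(basename "$pkg") in $md5file" >&2; return 2; }
    # Reject anything that is not exactly 32 lowercase hex characters.
    case "$want" in *[!0-9a-f]*) echo "verify: malformed digest" >&2; return 2 ;; esac
    [ "${#want}" -eq 32 ] || { echo "verify: malformed digest" >&2; return 2; }
    got=$(md5sum "$pkg" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "verify: MISMATCH for $pkg (want $want, got $got)" >&2; return 1
    fi
    echo "verify: OK $pkg"
}

# Constructed self-check: a stand-in file, not a real Splunk package.
demo() {
    local d rc; d=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$d/sample.deb"
    printf 'MD5 (sample.deb) = %s\n' "$(md5sum "$d/sample.deb" | awk '{ print $1 }')" > "$d/sample.deb.md5"
    verify_package "$d/sample.deb" "$d/sample.deb.md5"; rc=$?
    rm -rf "$d"; return "$rc"
}

# Real use, with the variables from the download script:
#   verify_package "$filename" "$md5File" && sudo dpkg -i "$filename"
```

A checksum file served from the same host as the package catches a corrupted or truncated download; it does not prove the package came from an untampered source.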
4. Install Splunk Package
[email protected]:~$ dpkg -i splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
dpkg: error: requested operation requires superuser privilege
[email protected]:~$ sudo su
[email protected]:/home/johnyan_ca#
[email protected]:/home/johnyan_ca#
[email protected]:/home/johnyan_ca# dpkg -i splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
Selecting previously unselected package splunk.
(Reading database ... 60641 files and directories currently installed.)
Preparing to unpack splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb ...
Unpacking splunk (7.2.0) ...
Setting up splunk (7.2.0) ...
complete
[email protected]:/home/johnyan_ca# cd /opt/splunk/bin/
[email protected]:/opt/splunk/bin# ./splunk enable boot-start
SPLUNK SOFTWARE LICENSE AGREEMENT
HIS SPLUNK SOFTWARE LICENSE AGREEMENT ("AGREEMENT") GOVERNS THE LICENSING, INSTALLATION AND USE OF SPLUNK SOFTWARE. BY DOWNLOADING AND/OR INSTALLING
... [Omitted] ...
4. FORCE MAJEURE. Splunk will not be responsible for any failure or delay in its performance under these Terms and Conditions due to causes beyond its reasonable control, including, but not limited to, labor disputes, strikes, lockouts, shortages of or inability to obtain labor, energy, raw materials or supplies, war, acts of terror, riot, acts of God or governmental action.
Splunk Software License Agreement 10.01.2018
Do you agree with this license? [y/n]: y
This appears to be your first time running this version of Splunk.
Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.
Please enter an administrator username: johnyan
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
...................................................+++
................................................................................................................+++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 2048 bit long modulus
....................+++
.........+++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
[email protected]:/opt/splunk/bin#
[email protected]:/opt/splunk/bin#
[email protected]:/opt/splunk/bin# service splunk start
[email protected]:/opt/splunk/bin#
5. Firewall Rule Change
Open TCP port 8000 in Google Cloud Platform under VPC network -> Firewall rules
6. Add local log folder as data input
Here is an example of adding the local folder /var/log as a new data input.
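This article explains in detail how to install Splunk 7.2.0 on Ubuntu 18.04, including creating the virtual machine, downloading and installing the Splunk package, changing the firewall rules, and setting a local log folder as a data input source.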