Splunk Installation

  • Installation
  • Verification
  • Common commands

tar zxvf <splunk package> -C /opt
/opt/splunk/bin/splunk start --accept-license

/opt/splunk/bin/splunk enable boot-start

splunk disable boot-start

splunk stop

splunk start

splunk restart

splunk version

rm -rf /opt/splunk    # uninstall: stop Splunk first, then remove the installation directory

Installing the Splunk Universal Forwarder

tar zxvf <splunk forward package> -C /opt

/opt/splunkforwarder/bin/splunk start --accept-license

/opt/splunkforwarder/bin/splunk enable boot-start

splunk set splunkd-port 8070

splunk edit user admin -password 'admin' -role admin -auth admin:changeme

The installation steps are shown below; you will be prompted to enter a username and password.

[root@splunk1 bin]# ./splunk start --accept-license

This appears to be your first time running this version of Splunk.

Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.

Please enter an administrator username: ######
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password:######
Please confirm new password:######
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
..........................................+++++
.........................+++++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 2048 bit long modulus
.....................................................................................................................+++++
.+++++
e is 65537 (0x10001)
writing RSA key

Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.

Splunk> CSI: Logfiles.

Checking prerequisites...
	Checking http port [8000]: open
	Checking mgmt port [8089]: open
	Checking appserver port [127.0.0.1:8065]: open
	Checking kvstore port [8191]: open
	Checking configuration... Done.
		Creating: /opt/splunk/var/lib/splunk
		Creating: /opt/splunk/var/run/splunk
		Creating: /opt/splunk/var/run/splunk/appserver/i18n
		Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
		Creating: /opt/splunk/var/run/splunk/upload
		Creating: /opt/splunk/var/run/splunk/search_telemetry
		Creating: /opt/splunk/var/spool/splunk
		Creating: /opt/splunk/var/spool/dirmoncache
		Creating: /opt/splunk/var/lib/splunk/authDb
		Creating: /opt/splunk/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunk/etc/auth'.
	Checking critical directories...	Done
	Checking indexes...
		Validated: _audit _internal _introspection _metrics _telemetry _thefishbucket history main summary
	Done
	Checking filesystem compatibility...  Done
	Checking conf files for problems...
	Done
	Checking default conf files for edits...
	Validating installed files against hashes from '/opt/splunk/splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64-manifest'
	All installed files intact.
	Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Generating a 2048 bit RSA private key
..........+++++
.............................+++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=rb3pu8d.ptcn.com/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available..... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://splunk1:8000
[root@splunk1 bin]# ./splunk status
splunkd is running (PID: 12634).
splunk helpers are running (PIDs: 12638 12654 12741 12815).
[root@splunk1 bin]# ps -ef|grep -i splunk
root      12634      1  2 23:21 ?        00:00:06 splunkd -p 8089 start
root      12638  12634  0 23:21 ?        00:00:00 [splunkd pid=12634] splunkd -p 8089 start [process-runner]
root      12654  12638  1 23:21 ?        00:00:03 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize=200 --keyFile=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --setParameter=enableLocalhostAuthBypass=0 --setParameter=oplogFetcherSteadyStateMaxFetcherRestarts=0 --replSet=5C52379B-DC63-4160-935D-EF9D031230E9 --bind_ip=0.0.0.0 --sslMode=requireSSL --sslAllowInvalidHostnames --sslPEMKeyFile=/opt/splunk/etc/auth/server.pem --sslPEMKeyPassword=xxxxxxxx --sslDisabledProtocols=noTLS1_0,noTLS1_1 --sslCipherConfig=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 --nounixsocket --noscripting
root      12741  12638  1 23:21 ?        00:00:02 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
root      12815  12638  0 23:21 ?        00:00:01 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
root      12923  12111  0 23:24 pts/0    00:00:00 grep --color=auto -i splunk
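
Added example (not part of the original post): the first start above prompts for the administrator account interactively, and the `edit user` command passes credentials with -auth, where they are visible in `ps` output and shell history. The script below seeds the account from user-seed.conf instead; the function names and the short list of rejected defaults are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths follow the page (/opt/splunk).

# valid_admin_password PASSWORD -> 0 if acceptable
# Enforces the minimum from the first-start prompt (8 printable ASCII chars)
# and refuses the defaults that appear in the commands above.
valid_admin_password() {
    case $1 in
        admin|changeme|password) return 1 ;;
    esac
    [ "${#1}" -ge 8 ] || return 1
    # Anything left after deleting space..tilde is not printable ASCII.
    [ "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)" -eq 0 ]
}

# write_user_seed SPLUNK_HOME USERNAME   (password is read from stdin, so it
# never appears in `ps` output or shell history the way -auth user:pass does)
# Returns 1 = weak password, 2 = no input, 3 = seed would be ignored.
write_user_seed() {
    seed_home=$1; seed_user=$2; seed_pw=
    IFS= read -r seed_pw || [ -n "$seed_pw" ] || return 2
    valid_admin_password "$seed_pw" || return 1
    # splunkd only reads user-seed.conf when etc/passwd does not exist yet.
    [ ! -e "$seed_home/etc/passwd" ] || return 3
    (
        umask 077    # seed file holds a cleartext password: owner-only
        mkdir -p "$seed_home/etc/system/local" &&
        printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' \
            "$seed_user" "$seed_pw" > "$seed_home/etc/system/local/user-seed.conf"
    )
}

# first_start SPLUNK_HOME: unattended equivalent of `splunk start --accept-license`.
# Not called here; it needs a real installation.
first_start() {
    "$1/bin/splunk" start --accept-license --answer-yes --no-prompt &&
        rm -f "$1/etc/system/local/user-seed.conf"   # drop any leftover seed
}
```

The PASSWORD line can be replaced by HASHED_PASSWORD with the output of `splunk hash-passwd`, so the seed file never holds the cleartext value.
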
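A little progress every day; think more, summarize more.
Copyright notice: This is an original article by CNblog blogger "zaituzhong", licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.
Original URL: https://www.cnblogs.com/tingxin/p/12267249.html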