Splunk 클라이언트 설치

splunk universal forwarder 설치, splunkforwarder 설치
스플렁크 클라이언트 설치, 스플렁크 포워더 설치, 스플렁크 agent 설치

1 다운로드[ | ]

브라우저에서 http://www.splunk.com/ 접속
우상단 [Login] 클릭
Username, Password 입력 --- [Login]^[1]
우상단 [FREE DOWNLOAD] 클릭
메뉴바 중간 [Universal Forwarder] 클릭
2.6+ kernel Linux distributions (64-bit) 오른쪽 splunk-5.0.x-xxxxxx-linux-2.6-x86_64.rpm 클릭하여 다운로드 시작(약 20 MB)^[2]

2 설치[ | ]

내려받은 파일을 서버^[3]에 업로드
rpm 설치

[root@client01 ~]# rpm -ivh splunkforwarder-5.0.3-163460-linux-2.6-x86_64.rpm
warning: splunkforwarder-5.0.3-163460-linux-2.6-x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 653fb112
Preparing...                ########################################### [100%]
   1:splunkforwarder        ########################################### [100%]
-------------------------------------------------------------------------
Splunk has been installed in:
        /opt/splunkforwarder

To start Splunk, run the command:
        /opt/splunkforwarder/bin/splunk start



Complete documentation is at http://docs.splunk.com/Documentation/Splunk
-------------------------------------------------------------------------

3 최초 실행[ | ]

[root@client01 ~]# /opt/splunkforwarder/bin/splunk start --accept-license

This appears to be your first time running this version of Splunk.

Splunk> See your world.  Maybe wish you hadn't.

Checking prerequisites...
	Checking mgmt port [8089]: open
		Creating: /opt/splunkforwarder/var/lib/splunk
		Creating: /opt/splunkforwarder/var/run/splunk
		Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n
		Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css
		Creating: /opt/splunkforwarder/var/run/splunk/upload
		Creating: /opt/splunkforwarder/var/spool/splunk
		Creating: /opt/splunkforwarder/var/spool/dirmoncache
		Creating: /opt/splunkforwarder/var/lib/splunk/authDb
		Creating: /opt/splunkforwarder/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunkforwarder/etc/auth'.
	Checking conf files for typos...  	Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  Done
                                                           [  OK  ]

[root@client01 ~]# netstat -anp | grep :8089
tcp        0      0 0.0.0.0:8089                0.0.0.0:*                   LISTEN      1529/splunkd

[root@client01 ~]# ps -ef | grep splunk | grep -v grep
root      1529     1  0 14:44 ?        00:00:00 splunkd -p 8089 start
root      1530  1529  0 14:44 ?        00:00:00 [splunkd pid=1529] splunkd -p 8089 start [process-runner]

4 자동 시작 설정[ | ]

[root@client01 ~]# /opt/splunkforwarder/bin/splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.

[root@client01 ~]# service splunk status
Splunk status:
splunkd is running (PID: 2207).
splunk helpers are running (PIDs: 2208).

[root@client01 ~]# chkconfig --list | grep splunk
splunk         	0:off	1:off	2:on	3:on	4:on	5:on	6:off

5 같이 보기[ | ]

6 주석[ | ]

↑ 계정이 없다면 가입해야 한다. [Sign Up Now]
↑ OS에 맞는 설치본 선택. 필자는 리눅스 64비트용을 선택함
↑ 스플렁크 클라이언트들 중 하나

[1] 계정이 없다면 가입해야 한다. [Sign Up Now]

[2] OS에 맞는 설치본 선택. 필자는 리눅스 64비트용을 선택함

[3] 스플렁크 클라이언트들 중 하나

[1]

[2]

[3]