  • Splunk Installation

    • Installation
    • Viewing status
    • Common commands

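    # Unpack the Splunk package into /opt
    tar zxvf <splunk package> -C /opt
    # First start; accepts the license and prompts for the admin account
    /opt/splunk/bin/splunk start --accept-license

    # Start Splunk automatically at boot
    /opt/splunk/bin/splunk enable boot-start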

    splunk disable boot-start

    splunk stop

    splunk start

    splunk restart

    splunk version

    rm -rf /opt/splunk

    Install the Splunk Universal Forwarder

    tar zxvf <splunk forward package> -C /opt

    /opt/splunkforwarder/bin/splunk start --accept-license

    /opt/splunkforwarder/bin/splunk enable boot-start

    splunk set splunkd-port 8070

    splunk edit user admin -password 'admin' -role admin -auth admin:changeme

    The installation steps follow; you are prompted to enter an account name and password.

    [root@splunk1 bin]# ./splunk start --accept-license
    
    This appears to be your first time running this version of Splunk.
    
    Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
    Create credentials for the administrator account.
    Characters do not appear on the screen when you type in credentials.
    
    Please enter an administrator username: ######
    Password must contain at least:
       * 8 total printable ASCII character(s).
    Please enter a new password:######
    Please confirm new password:######
    Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
    Generating RSA private key, 2048 bit long modulus
    ..........................................+++++
    .........................+++++
    e is 65537 (0x10001)
    writing RSA key
    
    Generating RSA private key, 2048 bit long modulus
    .....................................................................................................................+++++
    .+++++
    e is 65537 (0x10001)
    writing RSA key
    
    Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
    
    Splunk> CSI: Logfiles.
    
    Checking prerequisites...
    	Checking http port [8000]: open
    	Checking mgmt port [8089]: open
    	Checking appserver port [127.0.0.1:8065]: open
    	Checking kvstore port [8191]: open
    	Checking configuration... Done.
    		Creating: /opt/splunk/var/lib/splunk
    		Creating: /opt/splunk/var/run/splunk
    		Creating: /opt/splunk/var/run/splunk/appserver/i18n
    		Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
    		Creating: /opt/splunk/var/run/splunk/upload
    		Creating: /opt/splunk/var/run/splunk/search_telemetry
    		Creating: /opt/splunk/var/spool/splunk
    		Creating: /opt/splunk/var/spool/dirmoncache
    		Creating: /opt/splunk/var/lib/splunk/authDb
    		Creating: /opt/splunk/var/lib/splunk/hashDb
    New certs have been generated in '/opt/splunk/etc/auth'.
    	Checking critical directories...	Done
    	Checking indexes...
    		Validated: _audit _internal _introspection _metrics _telemetry _thefishbucket history main summary
    	Done
    	Checking filesystem compatibility...  Done
    	Checking conf files for problems...
    	Done
    	Checking default conf files for edits...
    	Validating installed files against hashes from '/opt/splunk/splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64-manifest'
    	All installed files intact.
    	Done
    All preliminary checks passed.
    
    Starting splunk server daemon (splunkd)...  
    Generating a 2048 bit RSA private key
    ..........+++++
    .............................+++++
    writing new private key to 'privKeySecure.pem'
    -----
    Signature ok
    subject=/CN=rb3pu8d.ptcn.com/O=SplunkUser
    Getting CA Private Key
    writing RSA key
    Done
                                                               [  OK  ]
    
    Waiting for web server at http://127.0.0.1:8000 to be available..... Done
    
    
    If you get stuck, we're here to help.  
    Look for answers here: http://docs.splunk.com
    
    The Splunk web interface is at http://splunk1:8000
    
    [root@splunk1 bin]# ./splunk status
    splunkd is running (PID: 12634).
    splunk helpers are running (PIDs: 12638 12654 12741 12815).
    [root@splunk1 bin]# ps -ef|grep -i splunk
    root      12634      1  2 23:21 ?        00:00:06 splunkd -p 8089 start
    root      12638  12634  0 23:21 ?        00:00:00 [splunkd pid=12634] splunkd -p 8089 start [process-runner]
    root      12654  12638  1 23:21 ?        00:00:03 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize=200 --keyFile=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --setParameter=enableLocalhostAuthBypass=0 --setParameter=oplogFetcherSteadyStateMaxFetcherRestarts=0 --replSet=5C52379B-DC63-4160-935D-EF9D031230E9 --bind_ip=0.0.0.0 --sslMode=requireSSL --sslAllowInvalidHostnames --sslPEMKeyFile=/opt/splunk/etc/auth/server.pem --sslPEMKeyPassword=xxxxxxxx --sslDisabledProtocols=noTLS1_0,noTLS1_1 --sslCipherConfig=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 --nounixsocket --noscripting
    root      12741  12638  1 23:21 ?        00:00:02 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
    root      12815  12638  0 23:21 ?        00:00:01 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
    root      12923  12111  0 23:24 pts/0    00:00:00 grep --color=auto -i splunk
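
An added example, not part of the original post: a post-install check over `ps -ef` output like the listing above, flagging Splunk processes that run as root and a KV store mongod bound to all interfaces. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: shortened `ps -ef` lines modelled on the listing above.
sample_ps() {
cat <<'EOF'
root      12634      1  2 23:21 ?        00:00:06 splunkd -p 8089 start
root      12654  12638  1 23:21 ?        00:00:03 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --port=8191 --bind_ip=0.0.0.0 --sslMode=requireSSL
root      12741  12638  1 23:21 ?        00:00:02 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py
root      12923  12111  0 23:24 pts/0    00:00:00 grep --color=auto -i splunk
EOF
}

# audit_splunk_ps: read `ps -ef` lines on stdin, print one finding per line.
#   ROOT    - a Splunk-related process is owned by root
#   BINDALL - mongod (KV store) was started with --bind_ip=0.0.0.0
# `ps -ef` columns: UID PID PPID C STIME TTY TIME CMD, so CMD starts at $8.
audit_splunk_ps() {
    awk '
    # Skip the grep process itself: it matches "splunk" only via its argument.
    /splunk/ && $8 != "grep" {
        pid = $2
        if ($1 == "root")
            print "ROOT pid=" pid
        for (i = 8; i <= NF; i++)
            if ($i == "--bind_ip=0.0.0.0")
                print "BINDALL pid=" pid
    }'
}

# Stand-alone run against the constructed sample.
sample_ps | audit_splunk_ps
```

On a live host, pipe `ps -ef` into `audit_splunk_ps`. `splunk enable boot-start -user <account>` registers the service under a dedicated account instead of root, and a host firewall rule can limit who reaches the KV store port 8191.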
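    Improve a little every day; think more, summarize more. Copyright notice: this is an original article by CNblog blogger "zaituzhong", licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.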
  • Original article: https://www.cnblogs.com/tingxin/p/12267249.html