How to install Splunk on CentOS 7
To install Splunk on CentOS 7
Splunk is the most powerful tool for exploring and searching data from real-time applications, web servers, databases, server platforms, cloud networks and so on. Splunk makes searching simple by collecting and analyzing the massive data generated by business applications and surfacing its value, which in turn gives you insight into business performance. Before beginning the installation, check that the target system has a 64-bit architecture. This tutorial explains how to install Splunk on CentOS 7.
Installation procedure
To begin, download the Splunk package from the official site, https://www.splunk.com/en_us/download/splunk-enterprise.html. You need to create an account on the Splunk website before downloading the package.
Now create a user and group for Splunk by running the following commands.
[root@linuxhelp1 ~]# groupadd splunk
[root@linuxhelp1 ~]# useradd -d /opt/splunk -m -g splunk splunk
Check your OS architecture by executing the below command
[root@linuxhelp1 ~]# uname -r
3.10.0-514.26.2.el7.x86_64
Extract the downloaded Splunk package by running the tar command followed by the name of the downloaded archive.
[root@linuxhelp1 ~]# tar -xzvf splunk-6.6.3-e21ee54bc796-Linux-x86_64.tgz
splunk/
splunk/etc/
splunk/etc/deployment-apps/
splunk/etc/deployment-apps/README
splunk/etc/apps/
splunk/etc/apps/gettingstarted/
splunk/etc/apps/gettingstarted/locale/
splunk/etc/apps/gettingstarted/locale/ko_KR/
splunk/etc/apps/gettingstarted/locale/ko_KR/LC_MESSAGES/
splunk/etc/apps/gettingstarted/locale/ko_KR/LC_MESSAGES/messages.po
splunk/etc/apps/gettingstarted/locale/ko_KR/LC_MESSAGES/messages.mo
splunk/etc/apps/gettingstarted/locale/messages.pot
splunk/etc/apps/gettingstarted/locale/zh_CN/
splunk/etc/apps/gettingstarted/locale/zh_CN/LC_MESSAGES/
splunk/etc/apps/gettingstarted/locale/zh_CN/LC_MESSAGES/messages.po
splunk/etc/apps/gettingstarted/locale/zh_CN/LC_MESSAGES/messages.mo
splunk/etc/apps/gettingstarted/locale/ja-JP/
splunk/etc/apps/gettingstarted/locale/ja-JP/LC_MESSAGES/
.
.
.
splunk/share/splunk/search_mrsparkle/exposed/build/jscharting/index.js
splunk/share/splunk/search_mrsparkle/exposed/robots.txt
splunk/share/splunk/search_mrsparkle/exposed/fallback/
splunk/share/splunk/search_mrsparkle/exposed/fallback/dashboard.js
splunk/share/splunk/search_mrsparkle/exposed/fallback/dashboard.css
splunk/share/splunk/search_mrsparkle/exposed/xml/
splunk/share/splunk/search_mrsparkle/exposed/xml/print.xml
splunk/share/copyright.txt
After extracting the downloaded package, copy all the content inside the splunk directory to /opt/splunk, the home directory that we set for the splunk user in the previous step.
[root@linuxhelp1 ~]# cp -rp splunk/* /opt/splunk/
Now change the ownership to splunk user
[root@linuxhelp1 ~]# chown -R splunk: /opt/splunk/
Switch to the splunk user account, list the files in its home directory, then move to the bin directory and list the files there.
[root@linuxhelp1 ~]# su - splunk
[splunk@linuxhelp1 ~]$ ls
bin copyright.txt etc ftr include lib license-eula.txt openssl README-splunk.txt share splunk-6.6.3-e21ee54bc796-linux-2.6-x86_64-manifest
[splunk@linuxhelp1 ~]$ cd bin
[splunk@linuxhelp1 bin]$ ls
bloom coldToFrozenExample.py genSignedServerCert.py jsmin parsetest recover-metadata setSplunkEnv splunk-optimize tsidx_scan.py
bottle.py copyright.txt genSignedServerCert.sh locktest parse_xml_buckets.py rest_handler.py signtool splunk-optimize-lex untarit.py
btool dbmanipulator.py genWebCert.py locktool pcregextest runScript.py slim srm walklex
btprobe exporttool genWebCert.sh mongod pid_check.sh safe_restart_cluster_master.py splunk tarit.py
bzip2 fill_summary_index.py importtool mongod_cc python scripts splunkd tocsv.py
cherryd genAuditKeys.py installit.py node python2 scrubber.py splunkdj tsidxprobe
classify genRootCA.sh jars openssl python2.7 searchtest splunkmon tsidxprobe_plo
From the bin directory, as the splunk user, run the command below to start Splunk for the first time and accept the license, which completes the installation on your local machine.
[splunk@linuxhelp1 bin]$ ./splunk start --accept-license
This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
..........+++
.....................+++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 2048 bit long modulus
...................................................................+++
...................+++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> See your world. Maybe wish you hadn't.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
.
.
.
Signature ok
subject=/CN=linuxhelp1/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
[ OK ]
Waiting for web server at http://127.0.0.1:8000 to be available........... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
Splunk is now installed on the target system. Open a browser and go to http://127.0.0.1:8000. The Splunk login page appears on the screen.
For security purposes, change the password from the default to a new one.
The Splunk dashboard is then shown to the user as follows.
The installation procedure of Splunk on CentOS 7 is done without any glitches.
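A post-install check for the steps above, added here as an example and not part of the original tutorial or of Splunk's own tooling. It confirms that the chown step left nothing under /opt/splunk owned by another account or writable by "other", that splunkd is not running as root, and it lists the ports reported at first start with the bind address shown for each. The function names audit_tree and parse_ports and the two environment variables are names chosen for this example.

```sh
#!/bin/sh
# Added example: post-install checks for the layout built in this tutorial.
# Defaults mirror the page (/opt/splunk, user "splunk"); override via env.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# First-start port checks, copied from the output shown in the tutorial.
SAMPLE_START_OUTPUT='Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open'

# audit_tree DIR USER: print paths under DIR not owned by USER (the
# chown -R step should leave none) or writable by "other" (symlinks excepted).
audit_tree() {
    find "$1" \( ! -user "$2" -o \( -perm -0002 ! -type l \) \) -print
}

# parse_ports: read first-start output on stdin, print "name port bind".
# bind is the address shown in brackets, or "unspecified" when only a port
# is printed; confirm the real listen address with `ss -ltn` before firewalling.
parse_ports() {
    sed -n 's/^Checking \(.*\) port \[\(.*\)]: .*$/\1 \2/p' |
    while read -r name spec; do
        case "$spec" in
            *:*) echo "$name ${spec##*:} ${spec%:*}" ;;
            *)   echo "$name $spec unspecified" ;;
        esac
    done
}

# Run the checks only where the install from this page actually exists.
if [ -d "$SPLUNK_HOME" ] && id "$SPLUNK_USER" >/dev/null 2>&1; then
    bad=$(audit_tree "$SPLUNK_HOME" "$SPLUNK_USER")
    [ -z "$bad" ] || printf 'Fix ownership/mode:\n%s\n' "$bad"
    # splunkd should run as the service account, never as root.
    if pgrep -u 0 -x splunkd >/dev/null 2>&1; then
        echo "splunkd is running as root; restart it as $SPLUNK_USER"
    fi
    # Ports from the first-start output to review against the host firewall.
    printf '%s\n' "$SAMPLE_START_OUTPUT" | parse_ports
fi
```

Run it as root after the first start; to check your own start-up output instead of the embedded sample, pipe the saved output into parse_ports.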