Friday, October 12, 2018

SPLUNK install on CentOS7

Today we are installing SPLUNK 7.2 on CentOS 7. Let's get started.

I am not going into installing CentOS 7; you can figure that out. I am running CentOS 7 with the Cinnamon desktop installed.

Create a Splunk User

[root@server1 tmp]# groupadd splunk
[root@server1 tmp]# useradd -d /opt/splunk -m -g splunk splunk
[root@server1 tmp]# su - splunk
[splunk@server1 ~]$ id
uid=1001(splunk) gid=1001(splunk) groups=1001(splunk)

Confirm the server architecture

[splunk@server1 ~]$ getconf LONG_BIT
64

Download and extract the Splunk Enterprise version

Extract the tar file and copy the files to the Splunk application folder, namely the /opt/splunk directory created above.

[root@server1 tmp]# tar -xvf splunk-6.4.0-f2c836328108-Linux-x86_64.tgz
[root@server1 tmp]# cp -rp splunk/* /opt/splunk/
[root@server1 tmp]# chown -R splunk: /opt/splunk/

Splunk Installation

[root@server1 tmp]# su - splunk
Last login: Fri Apr 29 08:14:12 UTC 2016 on pts/0

[splunk@server1 ~]$ cd bin/
[splunk@server1 bin]$ ./splunk start --accept-license

A bunch of text will scroll by, but if all is good you will see the message below:

Waiting for web server at http://127.0.0.1:8000 to be available.... Done

I test Splunk on the host first: open a browser and go to http://localhost:8000

If you get the Splunk Enterprise logon screen, you are in business.

Now, if you want to connect to Splunk from another system, you will need to make sure port 8000 is open on your CentOS 7 system.

Here's how I did it on my system:

firewall-cmd --get-active-zones

You should see a zone; mine returned public.

firewall-cmd --zone=public --add-port=8000/tcp --permanent

firewall-cmd --reload

Now check from your remote system; you should be good to go...
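Here is the whole procedure above rolled into one script, as an added example (it is not from the original post and not Splunk's own tooling). It assumes the tarball path is passed as the first argument, /opt/splunk as the install directory, Splunk Web on port 8000, firewalld's default zone, and an optional second argument naming the source network that is allowed to reach port 8000; that last part, a firewalld rich rule instead of a plain --add-port, is a hardening step the post does not take. The checksum step assumes you saved the SHA-512 from Splunk's download page next to the tarball in sha512sum's "hash  filename" format.

```shell
#!/bin/sh
# Added example (not from the original post): the install steps above as one script.
# Assumptions: Splunk tarball path is $1, an optional allowed source network is $2,
# install dir /opt/splunk, Splunk Web on tcp/8000, firewalld's default zone.
set -eu

SPLUNK_HOME=/opt/splunk
WEB_PORT=8000

# Pull the version out of a Splunk tarball name, e.g.
# splunk-6.4.0-f2c836328108-Linux-x86_64.tgz -> 6.4.0
tarball_version() {
    basename "$1" | sed -n 's/^splunk-\([0-9][0-9.]*\)-.*\.tgz$/\1/p'
}

# Only accept a 64-bit Linux build name; anything else is the wrong download.
tarball_is_x86_64() {
    case "$(basename "$1")" in
        splunk-*-Linux-x86_64.tgz) return 0 ;;
        *) return 1 ;;
    esac
}

# The post checks getconf LONG_BIT by hand; same check, wrapped.
host_is_64bit() {
    [ "$(getconf LONG_BIT)" = "64" ]
}

# firewalld rich rule that opens the web port only from one source network.
# Tighter than the post's --add-port, which opens 8000 to everyone.
web_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$WEB_PORT"
}

install_splunk() {
    tarball=$1
    tarball_is_x86_64 "$tarball" || { echo "unexpected tarball name: $tarball" >&2; return 1; }
    host_is_64bit || { echo "64-bit host required" >&2; return 1; }
    # Verify the download if a checksum file is present (assumption: you saved the
    # SHA-512 from the download page as "<hash>  <tarball>" in $tarball.sha512).
    if [ -f "$tarball.sha512" ]; then
        ( cd "$(dirname "$tarball")" && sha512sum -c "$(basename "$tarball").sha512" )
    fi
    getent group splunk >/dev/null || groupadd splunk
    id splunk >/dev/null 2>&1 || useradd -d "$SPLUNK_HOME" -m -g splunk splunk
    # --strip-components=1 drops the leading splunk/ directory, replacing the post's cp step
    tar -xzf "$tarball" -C "$SPLUNK_HOME" --strip-components=1
    chown -R splunk: "$SPLUNK_HOME"
    # Start as the unprivileged splunk user, never as root
    su - splunk -c "$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes --no-prompt"
}

open_firewall() {
    zone=$(firewall-cmd --get-default-zone)
    if [ -n "${1:-}" ]; then
        firewall-cmd --zone="$zone" --permanent --add-rich-rule="$(web_rich_rule "$1")"
    else
        firewall-cmd --zone="$zone" --permanent --add-port="$WEB_PORT/tcp"
    fi
    firewall-cmd --reload
}

# Confirm Splunk Web answers locally (2xx, or the 303 redirect to /en-US/) before testing remotely
web_is_up() {
    curl -s -o /dev/null -w '%{http_code}' "http://127.0.0.1:$WEB_PORT/" | grep -q '^[23]'
}

# Only run the installer when a tarball was given; the functions above stay sourceable.
if [ "$#" -ge 1 ]; then
    install_splunk "$1"
    open_firewall "${2:-}"
    if web_is_up; then
        echo "Splunk $(tarball_version "$1") is up on port $WEB_PORT"
    else
        echo "Splunk Web is not answering on 127.0.0.1:$WEB_PORT" >&2
        exit 1
    fi
fi
```

Run it as root, e.g. `sh install-splunk.sh /tmp/splunk-6.4.0-f2c836328108-Linux-x86_64.tgz 10.0.0.0/24` (the network is a constructed sample; leave it off to open 8000 to everyone exactly as the post does). The local curl check runs before you test from the remote box, so a firewall problem and a Splunk-not-started problem are told apart.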

If anything in these instructions doesn't work, let me know.