Today we are installing Splunk 7.2 on CentOS 7. Let's get started.
I am not going into installing CentOS 7; you can figure that out. I am running CentOS 7 with the Cinnamon desktop installed.
Create a Splunk User
[root@server1 tmp]# groupadd splunk
[root@server1 tmp]# useradd -d /opt/splunk -m -g splunk splunk
[root@server1 tmp]# su - splunk
[splunk@server1 ~]$ id
uid=1001(splunk) gid=1001(splunk) groups=1001(splunk)
Confirm the server architecture
[splunk@server1 ~]$ getconf LONG_BIT
64
Download and extract the Splunk Enterprise version
Extract the tar file and copy the files to the Splunk application folder, /opt/splunk, created above.
[root@server1 tmp]# tar -xvf splunk-6.4.0-f2c836328108-Linux-x86_64.tgz
[root@server1 tmp]# cp -rp splunk/* /opt/splunk/
[root@server1 tmp]# chown -R splunk: /opt/splunk/
Splunk Installation
[root@server1 tmp]# su - splunk
Last login: Fri Apr 29 08:14:12 UTC 2016 on pts/0
[splunk@server1 ~]$ cd bin/
[splunk@server1 bin]$ ./splunk start --accept-license
A bunch of text will display, but if all is good you will see the message below:
Waiting for web server at http://127.0.0.1:8000 to be available.... Done
I test Splunk on the host first: open a browser and go to http://localhost:8000
If you get the Splunk Enterprise logon screen, you are in business.
Now you may want to connect to Splunk from another system. For that you need port 8000 open on your CentOS 7 system.
Here's how I did it on my system:
firewall-cmd --get-active-zones
You should see a zone; mine returned public.
firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --reload
Now check from your remote system; you should be good to go...
If anything in these instructions doesn't work, let me know.
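A post-install check for the steps above, added here as an example (it is not part of the original post): it confirms that everything under /opt/splunk belongs to the splunk user, that splunkd is not running as root, and that 8000/tcp is open in the public zone. The function names and the --check switch are made up for this example; the path, user, zone and port are the ones used above.

```shell
#!/usr/bin/env bash
# Added example: post-install checks for the steps on this page.
# Assumed values: /opt/splunk, account "splunk", zone "public", port 8000/tcp.

# Print how many paths under DIR are not owned by USER (0 = chown -R took effect).
# Prints -1 if find itself fails, e.g. unknown user or missing directory.
not_owned_count() {
    local out
    out=$(find "$1" ! -user "$2" -print) || { echo -1; return 1; }
    [ -z "$out" ] && { echo 0; return 0; }
    printf '%s\n' "$out" | wc -l | tr -d ' '
}

# Read "user command" lines on stdin (the format of: ps -eo user=,comm=)
# and print each distinct user running the command NAME.
users_running() {
    awk -v name="$1" '$2 == name { print $1 }' | sort -u
}

# Succeed if PORT/PROTO is covered by a port list as printed by
# firewall-cmd --zone=ZONE --list-ports; entries may be ranges like 8000-8010/tcp.
port_listed() {
    local port=${1%/*} proto=${1#*/} entry range
    for entry in $2; do
        [ "${entry#*/}" = "$proto" ] || continue
        range=${entry%/*}
        [ "$port" -ge "${range%-*}" ] && [ "$port" -le "${range#*-}" ] && return 0
    done
    return 1
}

check_install() {
    local dir=/opt/splunk user=splunk zone=public port=8000/tcp rc=0
    [ "$(not_owned_count "$dir" "$user")" = 0 ] ||
        { echo "FAIL: paths under $dir not owned by $user"; rc=1; }
    if ps -eo user=,comm= | users_running splunkd | grep -qx root; then
        echo "FAIL: splunkd is running as root"; rc=1
    fi
    port_listed "$port" "$(firewall-cmd --zone="$zone" --list-ports)" ||
        { echo "FAIL: $port is not open in zone $zone"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: ownership, process user and firewall match"
    return "$rc"
}

# Run the live checks as root on the Splunk host: ./check.sh --check
if [ "${1:-}" = "--check" ]; then check_install; fi
```

Without --check the script only defines the functions, so they can be sourced and pointed at other directories, users or port lists.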