Gist iarrup/7873cf4f1efa573b8b4e, created February 23, 2016 18:55
Configure Splunk Universal Forwarder on Ubuntu
## Download the splunk universal forwarder
# You will probably need to log in to splunk first.
wget -O splunkforwarder-6.3.3-f44afce176d0-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.3.3&product=universalforwarder&filename=splunkforwarder-6.3.3-f44afce176d0-linux-2.6-amd64.deb&wget=true'
## install
# It gets installed in /opt/splunkforwarder
sudo dpkg -i splunkforwarder-6.3.3-f44afce176d0-linux-2.6-amd64.deb
## add the entry to init.d (done at the end with 'enable boot-start')
## Change password (replaces the default admin:changeme)
sudo /opt/splunkforwarder/bin/splunk edit user admin -password mypassword -auth admin:changeme
## Configure the data to go to an indexer
# Full path used so the command does not depend on the current directory
sudo /opt/splunkforwarder/bin/splunk add forward-server splunkserver:9997 -auth admin:mypassword
## Add files to monitor
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log -auth admin:mypassword
## bounce (restart) if required
sudo /opt/splunkforwarder/bin/splunk restart
## configure init.d
sudo /opt/splunkforwarder/bin/splunk enable boot-start
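
The commands above pass the admin password as CLI arguments (`-auth user:password`, `-password ...`), so it ends up in shell history, provisioning scripts and the process list. The following is an added example, not part of the original gist: a shell check that flags such invocations in a script or history file and prints them redacted. The function names and the sample input are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# Constructed sample input: repeats the CLI calls shown in the gist.
sample_gist_commands() {
    cat <<'EOF'
## Change password
sudo /opt/splunkforwarder/bin/splunk edit user admin -password mypassword -auth admin:changeme
sudo /opt/splunkforwarder/bin/splunk add forward-server splunkserver:9997 -auth admin:mypassword
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log -auth admin:mypassword
sudo /opt/splunkforwarder/bin/splunk restart
EOF
}

# scan_splunk_cli_secrets FILE
# Prints "<line>:<kind>:<redacted command>" for every splunk invocation that
# carries a credential as an argument. Returns 1 if anything was found, else 0.
scan_splunk_cli_secrets() {
    awk '
    /^[ \t]*#/ { next }                      # ignore comment lines
    /splunk/ {
        kind = ""
        if ($0 ~ /-auth[ \t]+[^ \t:]+:changeme([ \t]|$)/)  kind = "default-credential"
        else if ($0 ~ /-auth[ \t]+[^ \t:]+:[^ \t]+/)       kind = "inline-credential"
        else if ($0 ~ /-password[ \t]+[^ \t]+/)            kind = "inline-password"
        if (kind != "") {
            line = $0
            # Redact before printing so the report does not leak the secret again.
            gsub(/-auth[ \t]+[^ \t:]+:[^ \t]+/, "-auth <user>:<redacted>", line)
            gsub(/-password[ \t]+[^ \t]+/, "-password <redacted>", line)
            printf "%d:%s:%s\n", NR, kind, line
            found = 1
        }
    }
    END { exit found ? 1 : 0 }
    ' "$1"
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_gist_commands > "$demo_file"
scan_splunk_cli_secrets "$demo_file" || echo "credentials found on command lines" >&2
rm -f "$demo_file"
```

Point it at a provisioning script or a user's shell history file; a non-zero exit status makes it usable as a CI or pre-commit gate.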