Last active
May 27, 2016 22:25
Install Splunk
```bash
#!/bin/bash
# Note: ensure credentials file is at /opt/splunkclouduf.spl first
# Needs write access to /opt (typically run as root).

# stop at the first failed step instead of continuing with a partial install
set -euo pipefail

# download the Splunk universal forwarder (pinned to release 6.2.1, not necessarily the latest)
# fetched over HTTPS so the tarball cannot be altered in transit
wget https://download.splunk.com/products/splunk/releases/6.2.1/universalforwarder/linux/splunkforwarder-6.2.1-245427-Linux-x86_64.tgz

# untar
tar -zxvf splunkforwarder-6.2.1-245427-Linux-x86_64.tgz

# move to /opt/splunkforwarder
mv splunkforwarder /opt/

# start
/opt/splunkforwarder/bin/splunk start --accept-license

# start on boot
/opt/splunkforwarder/bin/splunk enable boot-start

# install new app with credentials (splunk cloud only)
# admin:changeme is the forwarder's default login; change it once the install is done
/opt/splunkforwarder/bin/splunk install app /opt/splunkclouduf.spl -auth admin:changeme
/opt/splunkforwarder/bin/splunk restart

# add correct forward-server
#/opt/splunkforwarder/bin/splunk add forward-server splunk.upcounsel.com:9997

# add a new file to monitor
/opt/splunkforwarder/bin/splunk add monitor -auth admin:changeme /var/log/file-to-monitor.log

# set sourcetype (if needed); this opens an interactive editor
vim /opt/splunkforwarder/etc/apps/search/local/inputs.conf
```
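The last step opens `inputs.conf` in an editor, which blocks unattended provisioning. The function below is an added example, not part of the original gist, that sets `sourcetype` on the `[monitor://...]` stanza non-interactively. The function name `set_sourcetype` and the sourcetype value `my_app_log` are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original gist).
# set_sourcetype CONF_FILE MONITORED_PATH SOURCETYPE
#   Ensures the [monitor://MONITORED_PATH] stanza in CONF_FILE carries exactly
#   one "sourcetype = SOURCETYPE" line. Other settings in the stanza and all
#   other stanzas are left untouched. The stanza is appended if it is missing.
# Usage with the gist's paths ("my_app_log" is a made-up sourcetype):
#   set_sourcetype /opt/splunkforwarder/etc/apps/search/local/inputs.conf \
#       /var/log/file-to-monitor.log my_app_log
set_sourcetype() {
    local conf="$1" mon_path="$2" stype="$3"
    local stanza="[monitor://${mon_path}]"
    local tmp rc

    touch "$conf" || return 1
    tmp="$(mktemp)" || return 1

    awk -v stanza="$stanza" -v stype="$stype" '
        # A stanza header: note whether it is the one we want, and if so
        # write the sourcetype line directly beneath it.
        /^\[/ {
            in_stanza = ($0 == stanza)
            print
            if (in_stanza) { print "sourcetype = " stype; found = 1 }
            next
        }
        # Drop any previous sourcetype line inside the target stanza so the
        # setting is never duplicated when the function is run again.
        in_stanza && /^[ \t]*sourcetype[ \t]*=/ { next }
        { print }
        # Stanza not present at all: append it.
        END { if (!found) { print stanza; print "sourcetype = " stype } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file owner and mode
    rc=$?

    rm -f "$tmp"
    return "$rc"
}
```

The forwarder reads `inputs.conf` at startup, so follow the call with `/opt/splunkforwarder/bin/splunk restart`.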