Install the Splunk Enterprise DEB package To install into a different directory, add the -prefix flag to the installation command.įor example, type rpm -i -prefix=/opt/new_directory splunk_package_name.rpm.To install into the default directory, type rpm -i splunk_package_name.rpm.Use the CLI to install Splunk Enterprise.You can install the Splunk Enterprise RPM in the default directory /opt/splunk, or in a different directory. When you type in the installation commands, replace splunk_package_name with the file name of the Splunk Enterprise installer that you downloaded. You must have access to a command-line interface (CLI). Splunk Enterprise provides three Linux installer options: an RPM, a DEB, or a. After installing Splunk Enterprise, you can continue to Navigating Splunk Web. You can install Splunk Enterprise on the following operating systems.įor other installers or other supported operating systems, see the step-by-step installation instructions for those platforms. If you're using Splunk Cloud Platform, go to Navigating Splunk Web. In this case, events will be parsed directly on Indexer.These steps apply only to Splunk Enterprise. This step is necessary, as Universal Forwarder cannot parse events and the parsing settings from nf will not run on Universal Forwarder. If the file does not exist, create a new one. Transfer all nf file lines from the Forwarder %SPLUNK_HOME%/etc/apps/Splunk_TA_Kaspersky-CyberTrace-App-for-Splunk-Universal-Forwarder/default/nf directory to the Indexer %SPLUNK_HOME%/etc/system/local/nf directory.The steps above allow forwarding the Splunk logs only to indexers.Īn example of the %SPLUNK_HOME%/etc/system/local/nf file content is as follows: The default nf settings provide forwarding the Splunk Universal Forwarder internal logs to all sources, including Kaspersky CyberTrace. You can find the actual name for the indexers groups in the %SPLUNK_HOME%/etc/system/local/nf file. If the file %SPLUNK_HOME%/etc/system/local/nf already exists, make configurations manually.īy default, the name for this group is default-autolb-group. Copy %SPLUNK_HOME%/etc/apps/SplunkUniversalForwarder/default/nf to %SPLUNK_HOME%/etc/system/local/nf and indicate in two positions of the _TCP_ROUTING attribute value the name of the active group with indexers. Make sure that the %SPLUNK_HOME%/etc/apps/Splunk_TA_Kaspersky-CyberTrace-App-for-Splunk-Universal-Forwarder directory contains default, metadata, and static directories, and the README.txt file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |