
Forwarder Installation Guide

The document provides instructions to configure Splunk servers and forwarders. It lists IP addresses and ports for Splunk roles including indexers, search heads, cluster master, and license master. It also provides steps to download and install a Splunk forwarder on a Linux server, configure it to start at boot, set passwords and ports, grant read access to logs, and start the Splunk process.

Uploaded by

EzzyOrwoba

Work Instructions

Part I

Ensure connectivity between your servers and the Splunk servers below (ping).

Splunk Role                                 IP Address      Ports        OS
Indexers                                    172.29.213.80   9997, 8089   CentOS 7
Indexers                                    172.29.213.81   9997, 8089   CentOS 7
Indexers                                    172.29.213.82   9997, 8089   CentOS 7
Indexers                                    172.29.213.83   9997, 8089   CentOS 7
Indexers                                    172.29.213.84   9997, 8089   CentOS 7
Indexers                                    172.29.213.85   9997, 8089   CentOS 7
Indexers                                    172.29.213.86   9997, 8089   CentOS 7
Search Heads                                172.29.213.88   8000, 8089   CentOS 7
Cluster Master                              172.28.200.84   8000, 8089   CentOS 7
License Master                              172.28.200.85   8000, 8089   CentOS 7
Additional Server [proposed search head]    172.29.213.87
Forwarder                                                   13001
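
Ping only shows ICMP reachability, so the script below (an added example, not part of the original guide) attempts a TCP connection to each indexer address and port listed in the table, and to the deployment server address that the deploy-poll step uses. The function names, the file name and the --run switch are assumptions of this example; it needs bash and the coreutils timeout command.

```bash
#!/usr/bin/env bash
# Added example: TCP reachability check for the Splunk endpoints in Part I.
# Run as: ./check_splunk_ports.sh --run   (file name and switch are assumptions)

# Print "host port" pairs: the seven indexers with the two ports the table
# lists for them, plus the deployment server address used with deploy-poll.
splunk_targets() {
    local last
    for last in 80 81 82 83 84 85 86; do
        echo "172.29.213.$last 9997"
        echo "172.29.213.$last 8089"
    done
    echo "172.28.200.84 8089"
}

# Return 0 if a TCP connection to host $1, port $2 opens within $3 seconds
# (default 3). Uses bash's /dev/tcp redirection, so no extra tools are needed.
check_tcp() {
    timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Read "host port" lines from stdin, print OK/FAIL per endpoint, and return
# non-zero if any endpoint could not be reached.
check_all() {
    local host port failed=0
    while read -r host port; do
        if check_tcp "$host" "$port"; then
            echo "OK    $host:$port"
        else
            echo "FAIL  $host:$port"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Only probe the network when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    splunk_targets | check_all
fi
```

A FAIL line for a host that answers ping usually points at a firewall rule between the forwarder and that port rather than at the Splunk service itself.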
Download the forwarder (https://www.splunk.com/en_us/download/universal-forwarder.html).
Use the attached file if it is a Linux box. Check the architecture with uname -a to know whether it is x86 or not, and
download the right Splunk forwarder.

splunkforwarder-6.4.1-debde650d26e-Linux-x86_64.tgz

#copy the relevant Splunk forwarder installer to the server that you intend to collect logs from

#add group and user


groupadd splunk
useradd -g splunk splunk

chage -I -1 -m 0 -M 99999 -E -1 splunk

#to install forwarder in /opt


cd /opt
tar xvzf /<temp location>/splunkforwarder-<version>.tgz

#configure forwarder
chown -R splunk:splunk splunkforwarder

#set to start at server boot


/opt/splunkforwarder/bin/splunk enable boot-start -user splunk --accept-license --answer-yes --auto-ports --no-prompt

#change default password


/opt/splunkforwarder/bin/splunk edit user admin -password M@hig@1 -auth admin:changeme --accept-license --answer-yes --auto-ports --no-prompt

#change default management port


/opt/splunkforwarder/bin/splunk set splunkd-port 13100 --accept-license --answer-yes --auto-ports --no-prompt

#if you are using a deployment server, set it here. Otherwise ignore this configuration
/opt/splunkforwarder/bin/splunk set deploy-poll 172.28.200.84:8089 --accept-license --answer-yes

#configure log location access


#either add the splunk user to the group that has read access to the log location, or grant it read access with an ACL
setfacl -R -m u:splunk:r-x /var/log

Save the attached file (deploymentclient.conf) to the following path, if it does not already exist:

/opt/splunkforwarder/etc/system/local/deploymentclient.conf

For example:

cp /home/cmwanzia/deploymentclient.conf /opt/splunkforwarder/etc/system/local/

#switch to splunk user and start splunk with that user


su - splunk
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt

#in case of any issues, you may restart with


/opt/splunkforwarder/bin/splunk restart
