Splunk: Install Splunk Indexer on Linux
Red Hat/Fedora/CentOS
2 min readApr 20, 2014
This is the first post in a series of posts related to Splunk.
Check out this cool Ben & Jerry’s napkin. It gives a simple explanation of Splunk.
Install Splunk Indexer
- Login to the splunk indexer server and sudo to root.
$ sudo su — - Download the Splunk indexer rpm. For the sake of this post, I will use splunk-6.0.2-196940-linux-2.6-x86_64.rpm.
$ cd /root$ wget -O splunk-6.0.2-196940-linux-2.6-x86_64.rpm ‘http://www.splunk.com/page/download_track?file=6.0.2/splunk/linux/splunk-6.0.2-196940-linux-2.6-x86_64.rpm&ac=adwords-syslog&wget=true&name=wget&platform=Linux&architecture=x86_64&version=6.0.2&product=splunk&typed=release'
- Install the splunk indexer.
$ rpm -ihv splunk-6.0.2-196940-linux-2.6-x86_64.rpm(OR)$ yum -y localinstall splunk-6.0.2-196940-linux-2.6-x86_64.rpm
- Add splunk to $PATH. Add the following to ~/.bashrc or ~/.zshrc.
$ vi ~/.bashrc
export SPLUNK_HOME="/opt/splunk" export PATH=$PATH:$SPLUNK_HOME/bin$ exec bash
- Start the splunk indexer.
$ splunk start --accept-license (Note: --accept-license option is needed only the first time the splunk indexer is started)
- Configure the splunk indexer to start at boot time.
$ splunk enable boot-start- Login to the splunk indexer gui at http://<splunk-indexer-host>:8000
--Default Login--Username: adminPassword: changeme
Configure the Splunk indexer to receive data
- Configure the splunk indexer to receive data from the forwarders, on port 9997.
$ vi $SPLUNK_HOME/etc/system/local/inputs.conf[splunktcp://9997]disabled = 0
- Restart splunk indexer.
$ splunk restartConfigure the splunk indexer as the deployment server
- Deployment server capability is automatically enabled on splunk enterprise.
- To test the deployment server capability, create a test app.
$ cd $SPLUNK_HOME/etc/deployment-apps$ mkdir test_app
- Reload deployment server.
$ splunk reload deploy-server- The splunk indexer is ready to deploy apps.
In the next post, I will show how to install and configure a linux universal forwarder to send data to the indexer and configure as a deployment client.
