Embedded Files
Components
Storage
Search engine
Visualisation
Capability
Customize using app
Features
Splunk processing language
Splunk processing language
Similar to SQL
Splunk base
Splunk base
Splunkbase is a site where users can post and share apps and add-ons.
Splunk API
Splunk API
For developer
Setup
Setup
Linux
Linux
Use below commands in sequence. While starting splunk, it will ask for the admin account configuration
command to start splunk in Linux
root@master213:~/splunk# history | grep splunk
30 mkdir splunk
31 cd splunk/
32 apt get splunk
51 wget -O splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.2.0&product splunk&filename=splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb&wget=true'
52 ls -l splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
55 chmod 744 splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
56 ls -l splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
60 dpkg -l | grep splunk
63 dpkg -i splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
69 /opt/splunk/bin/splunk start --accept-license
List processes post-installation
Processes running after splunk installation
root@master213:~/splunk# ps ax | grep splunk
2384609 ? Sl 0:10 splunkd -p 8089 start
2384610 ? Ss 0:00 [splunkd pid=2384609] splunkd -p 8089 start [process-runner]
2384760 ? SLl 0:01 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize=200 --keyFile=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --setParameter=enableLocalhostAuthBypass=0 --setParameter=oplogFetcherSteadyStateMaxFetcherRestarts=0 --replSet=BC051336-E7B8-4759-8BDD-AB1422CB6113 --bind_ip=0.0.0.0 --sslMode=requireSSL --sslAllowInvalidHostnames --sslPEMKeyFile=/opt/splunk/etc/auth/server.pem --sslPEMKeyPassword=xxxxxxxx --sslDisabledProtocols=noTLS1_0,noTLS1_1 --sslCipherConfig=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 --nounixsocket --noscripting
2384855 ? Sl 0:02 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
2384863 ? Sl 0:00 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
2387265 pts/0 S+ 0:00 grep --color=auto splunk
Access in browser via <machine-ip>:8000
http://10.106.175.213:8000/ is example
Splunk search modes
Splunk search modes
Fast mode
Smart mode
Verbose mode
Page updated
Google Sites
Report abuse