Components
Storage
Search engine
Visualisation
Capability
Customize using app
Features
Similar to SQL
Splunkbase is a site where users can post and share apps and add-ons.
For developer
Run the commands below in sequence (the listing is shell history from the install host). On first start, Splunk will ask for the admin account configuration.
Commands to start Splunk on Linux
root@master213:~/splunk# history | grep splunk
30 mkdir splunk
31 cd splunk/
32 apt get splunk
51 wget -O splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.2.0&product=splunk&filename=splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb&wget=true'
52 ls -l splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
55 chmod 744 splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
56 ls -l splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
60 dpkg -l | grep splunk
63 dpkg -i splunk-8.2.0-e053ef3c985f-linux-2.6-amd64.deb
69 /opt/splunk/bin/splunk start --accept-license
List processes post-installation
Processes running after Splunk installation
root@master213:~/splunk# ps ax | grep splunk
2384609 ? Sl 0:10 splunkd -p 8089 start
2384610 ? Ss 0:00 [splunkd pid=2384609] splunkd -p 8089 start [process-runner]
2384760 ? SLl 0:01 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=mmapv1 --port=8191 --timeStampFormat=iso8601-utc --smallfiles --oplogSize=200 --keyFile=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --setParameter=enableLocalhostAuthBypass=0 --setParameter=oplogFetcherSteadyStateMaxFetcherRestarts=0 --replSet=BC051336-E7B8-4759-8BDD-AB1422CB6113 --bind_ip=0.0.0.0 --sslMode=requireSSL --sslAllowInvalidHostnames --sslPEMKeyFile=/opt/splunk/etc/auth/server.pem --sslPEMKeyPassword=xxxxxxxx --sslDisabledProtocols=noTLS1_0,noTLS1_1 --sslCipherConfig=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 --nounixsocket --noscripting
2384855 ? Sl 0:02 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
2384863 ? Sl 0:00 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
2387265 pts/0 S+ 0:00 grep --color=auto splunk
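The listing above already shows which ports the install opened and how the KV store is bound. The script below is an added example, not part of the original notes or of Splunk: it reads `ps ax` lines and reports the management, KV store and web ports, plus the two mongod options worth reviewing. The helper name audit_splunk_ps and the sample input (shortened from the listing above) are constructed for illustration, and reading the last --proxied value as the browser-facing port is an assumption.

```shell
#!/bin/sh
# Added example: summarise ports and TLS/bind options from `ps ax` lines.
# SAMPLE_PS is constructed: three lines shortened from the listing above.
SAMPLE_PS='2384609 ? Sl 0:10 splunkd -p 8089 start
2384760 ? SLl 0:01 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --port=8191 --bind_ip=0.0.0.0 --sslMode=requireSSL --sslAllowInvalidHostnames --nounixsocket --noscripting
2384855 ? Sl 0:02 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000'

# audit_splunk_ps (hypothetical helper): reads `ps ax` lines on stdin.
# Fields 1-4 are PID TTY STAT TIME, so the command line starts at field 5.
audit_splunk_ps() {
  awk '
    / splunkd -p [0-9]+ start$/ {            # main daemon, management port
      for (i = 5; i < NF; i++) if ($i == "-p") print "mgmt port=" $(i + 1)
    }
    / mongod / {                             # KV store
      port = "?"; bind = "?"; nohost = 0
      for (i = 5; i <= NF; i++) {
        if ($i ~ /^--port=/)    port = substr($i, 8)
        if ($i ~ /^--bind_ip=/) bind = substr($i, 11)
        if ($i == "--sslAllowInvalidHostnames") nohost = 1
      }
      print "kvstore port=" port " bind=" bind
      if (bind == "0.0.0.0") print "CHECK kvstore listens on all interfaces"
      if (nohost) print "CHECK kvstore TLS hostname validation is disabled"
    }
    /mrsparkle\/root\.py/ {                  # Splunk Web app server
      for (i = 5; i <= NF; i++) if ($i ~ /^--proxied=/) {
        n = split(substr($i, 11), p, ",")
        # Assumption: last value is the browser-facing port (8000 on this page)
        print "web port=" p[n] " appserver=" p[1] ":" p[2]
      }
    }'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_PS" | audit_splunk_ps
```

On a live host, pipe `ps ax | grep '[s]plunk'` into the function and compare the reported ports with what the host firewall allows from outside.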
Access Splunk Web in a browser via <machine-ip>:8000
For example: http://10.106.175.213:8000/
Fast mode
Smart mode
Verbose mode