As part of testing the CMX to Splunk direct connector I was presented with the requirement to install Splunk.
As I had access to a RHEL 7 box I decided to install Splunk onto this box.
I would like to give credit to VCP Muthukrishna’s blog for helping me learn how to install Splunk. His blog is available here
Steps to Install Splunk:
Check if package is installed
$rpm -qa | grep splunk
[splunk@corp-cmx02-v20 bin]$ rpm -qa | grep splunk
[splunk@corp-cmx02-v20 bin]$
Download the package
$wget http://download.splunk.com/products/splunk/releases/6.3.1/splunk/linux/splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
HTTP request sent, awaiting response... 200 OK
Length: 144763283 (138M) [application/x-rpm]
Saving to: ‘splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm’
100%[======================================>] 144,763,283 19.0MB/s in 15s
2016-10-20 08:30:59 (9.26 MB/s) - ‘splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm’ saved [144763283/144763283]
[hand0001@corp-cmx02-v20 ~]$ chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
[hand0001@corp-cmx02-v20 ~]$ rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
warning: splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)
[hand0001@corp-cmx02-v20 ~]$ su rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
su: invalid option -- 'i'
Usage:
su [options] [-] [USER [arg]...]
Change the effective user id and group id to that of USER.
A mere - implies -l. If USER not given, assume root.
Options:
-m, -p, --preserve-environment do not reset environment variables
-g, --group specify the primary group
-G, --supp-group specify a supplemental group
-, -l, --login make the shell a login shell
-c, --command pass a single command to the shell with -c
--session-command pass a single command to the shell with -c
and do not create a new session
-f, --fast pass -f to the shell (for csh or tcsh)
-s, --shell run shell if /etc/shells allows it
-h, --help display this help and exit
-V, --version output version information and exit
For more details see su(1).
Install the package (Note: we are installing the free version)
$chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
[hand0001@corp-cmx02-v20 ~]$ sudo chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
Change to root user and install package (found it didn’t work otherwise)
$rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
[hand0001@corp-cmx02-v20 ~]$ sudo su
[root@corp-cmx02-v20 hand0001]# rpm -i splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
complete
[root@corp-cmx02-v20 hand0001]#
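The NOKEY warning in the first install attempt above means rpm could not check the package signature because Splunk's signing key had not been imported, so the install went ahead on an unverified package. The script below is an added example, not code from the original post or from Splunk: it imports the vendor key from a local file, runs `rpm -K` on the package, and only installs when the signature actually verified. The key file path in SPLUNK_GPG_KEY, the function names and the `--prefix=/opt` install are assumptions; download the key from Splunk's site and compare its fingerprint against the published one before trusting it.

```shell
#!/bin/sh
# Added example, not from the original post: verify an RPM's signature
# before installing instead of ignoring the "NOKEY" warning.
# Assumed: the Splunk signing key was downloaded out of band to $SPLUNK_GPG_KEY
# (placeholder path) and its fingerprint checked against the vendor's published one.
SPLUNK_GPG_KEY="${SPLUNK_GPG_KEY:-/root/splunk-signing-key.asc}"   # placeholder

# classify_checksig: decide from one line of `rpm -K` output whether the
# package's PGP signature verified. Returns 0 only for a verified signature;
# 1 for NOT OK, missing keys, or a package that carries digests but no signature.
classify_checksig() {
    lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$lower" in
        *"not ok"*|*nokey*|*"missing keys"*) return 1 ;;   # bad or uncheckable
        *pgp*ok|*gpg*ok) return 0 ;;                       # signature present and verified
        *) return 1 ;;                                     # digests only: unsigned package
    esac
}

# verify_and_install: import the vendor key, check the package, install only on success.
verify_and_install() {
    pkg="$1"
    [ -f "$pkg" ] || { echo "no such package: $pkg" >&2; return 2; }
    rpm --import "$SPLUNK_GPG_KEY" || return 2
    result=$(rpm -K "$pkg" 2>&1)
    echo "$result"
    if classify_checksig "$result"; then
        rpm -i --prefix=/opt "$pkg"
    else
        echo "signature check failed; not installing $pkg" >&2
        return 1
    fi
}

# Usage (as root): sh verify_install.sh splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
if [ "$#" -gt 0 ]; then
    verify_and_install "$1"
fi
```

The classifier is deliberately strict: a line that only reports digests (`sha1 md5 OK`) is treated as a failure, because it means the package is unsigned rather than signed by the vendor.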
Verify Splunk installed
$rpm -qa | grep splunk
[root@corp-cmx02-v20 hand0001]# rpm -qa | grep splunk
splunk-6.3.1-f3e41e4b37b2.x86_64
Check splunk config file:
$grep -v "^$" /opt/splunk/etc/splunk-launch.conf | grep -v '^ *#'
Default Configuration File – Snippet
SPLUNK_HOME=/opt/splunk
SPLUNK_SERVER_NAME=Splunkd
SPLUNK_WEB_NAME=splunkweb
[root@corp-cmx02-v20 hand0001]# grep -v "^$" /opt/splunk/etc/splunk-launch.conf | grep -v '^ *#'
SPLUNK_HOME=/opt/splunk
SPLUNK_SERVER_NAME=Splunkd
SPLUNK_WEB_NAME=splunkweb
$sudo su - splunk
[root@corp-cmx02-v20 hand0001]# sudo su - splunk
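Before switching to the splunk user and starting the daemon, it is worth checking that the effective settings in splunk-launch.conf point at an install directory that exists and is owned by the unprivileged account that will run splunkd; otherwise `./splunk start` either fails or leaves root-owned files behind. The script below is an added example, not code from the original post or from Splunk: it generalizes the grep pipeline above into reusable functions and adds an ownership check. The function names and the `splunk` owner argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read the effective settings from
# a splunk-launch.conf style file and check SPLUNK_HOME before starting Splunk
# as the unprivileged splunk user.

# effective_settings FILE: the KEY=VALUE lines, with blank and comment lines dropped
# (the same filter as the grep pipeline in the post, made reusable).
effective_settings() {
    grep -v '^[[:space:]]*$' "$1" | grep -v '^[[:space:]]*#'
}

# setting_value FILE KEY: value of KEY, last definition wins, empty if absent.
setting_value() {
    effective_settings "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# dir_owner PATH: user name owning the path (avoids GNU-only `stat -c`).
dir_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# check_splunk_home FILE OWNER: 0 if SPLUNK_HOME is set, exists and is owned by
# OWNER; 1 with a message on stderr otherwise.
check_splunk_home() {
    conf="$1"; expected_owner="$2"
    home=$(setting_value "$conf" SPLUNK_HOME)
    if [ -z "$home" ]; then
        echo "SPLUNK_HOME is not set in $conf" >&2; return 1
    fi
    if [ ! -d "$home" ]; then
        echo "SPLUNK_HOME=$home does not exist" >&2; return 1
    fi
    actual_owner=$(dir_owner "$home")
    if [ "$actual_owner" != "$expected_owner" ]; then
        echo "SPLUNK_HOME=$home is owned by $actual_owner, expected $expected_owner" >&2
        return 1
    fi
    return 0
}

# Usage on the box from the post (as root, before switching to the splunk user):
#   check_splunk_home /opt/splunk/etc/splunk-launch.conf splunk \
#       && su - splunk -c '/opt/splunk/bin/splunk start'
```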
Start Splunk
$cd /opt/splunk/bin
$./splunk start
[splunk@corp-cmx02-v20 ~]$ cd /opt/splunk/bin/
[splunk@corp-cmx02-v20 bin]$ ./splunk start
SOFTWARE LICENSE AGREEMENT
THIS SOFTWARE LICENSE AGREEMENT (“AGREEMENT”) GOVERNS THE LICENSING,
INSTALLATION AND USE OF SPLUNK SOFTWARE. BY DOWNLOADING AND/OR INSTALLING SPLUNK
SOFTWARE (A) YOU ARE INDICATING THAT YOU HAVE READ AND UNDERSTAND THIS
AGREEMENT, AND AGREE TO BE LEGALLY BOUND BY IT ON BEHALF OF THE COMPANY,
GOVERNMENT, OR OTHER ENTITY FOR WHICH YOU ARE ACTING (FOR EXAMPLE, AS AN
EMPLOYEE OR GOVERNMENT OFFICIAL) OR, IF THERE IS NO COMPANY, GOVERNMENT OR OTHER
ENTITY FOR WHICH YOU ARE ACTING, ON BEHALF OF YOURSELF AS AN INDIVIDUAL; AND (B)
YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ACT ON BEHALF OF AND
BIND SUCH COMPANY, GOVERNMENT OR OTHER ENTITY (IF ANY).
WITHOUT LIMITING THE FOREGOING, YOU (AND YOUR ENTITY, IF ANY) ACKNOWLEDGE THAT
BY SUBMITTING AN ORDER FOR THE SPLUNK SOFTWARE, YOU (AND YOUR ENTITY (IF ANY))
HAVE AGREED TO BE BOUND BY THIS AGREEMENT.
As used in this Agreement, “Splunk,” refers to Splunk Inc., a Delaware
corporation, with its principal place of business at 250 Brannan Street, San
Francisco, California 94107, U.S.A.; and “Customer” refers to the company,
government, or other entity on whose behalf you have entered into this Agreement
or, if there is no such entity, you as an individual.
1. DEFINITIONS. Capitalized terms used but not otherwise defined in this
Do you agree with this license? [y/n]: y
This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
......++++++
.........................++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
.................................++++++
....++++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> 4TW
Checking prerequisites…
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking kvstore port [8191]: open
Checking configuration… Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking critical directories…Done
Checking indexes…
Validated: _audit _internal _introspection _thefishbucket history main summary
Done
New certs have been generated in '/opt/splunk/etc/auth'.
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a 1024 bit RSA private key
......................++++++
..........................................++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
Getting CA Private Key
writing RSA key
Done
[ OK ]
If you get stuck, we’re here to help.
Alternatively, you can accept the license agreement non-interactively with this command:
$./splunk start --answer-yes --no-prompt --accept-license
Launch the web portal
Launch the portal from the browser.
http://servername:8000/

After installing, you can launch the admin portal from the browser. The admin password has to be changed the first time you sign in: enter the default user “admin” and the default password “changeme” and click the “Sign in” button.
New Password

After login, you will have to set a new password for the admin user, confirm it, and click the “Save Password” button to reach the default page.

Splunk is now installed and ready for its data inputs to be configured.