Splunk – Install to RHEL 7

As part of testing the CMX to Splunk direct connector I was presented with the requirement to install Splunk.

As I had access to a RHEL 7 box I decided to install Splunk onto this box.

I would like to give credit to VCP Muthukrishna’s blog for helping me learn how to install Splunk. His blog is available here

Steps to Install Splunk:

Check if package is installed

$rpm -qa | grep splunk
[splunk@corp-cmx02-v20 bin]$ rpm -qa | grep splunk
[splunk@corp-cmx02-v20 bin]$

Download the package

$wget http://download.splunk.com/products/splunk/releases/6.3.1/splunk/linux/splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
Resolving download.splunk.com (download.splunk.com)… 54.230.243.9, 54.230.243.13, 54.230.243.38, …
Connecting to download.splunk.com (download.splunk.com)|54.230.243.9|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 144763283 (138M) [application/x-rpm]
Saving to: ‘splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm’
100%[======================================>] 144,763,283 19.0MB/s   in 15s
2016-10-20 08:30:59 (9.26 MB/s) – ‘splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm’ saved [144763283/144763283]
[hand0001@corp-cmx02-v20 ~]$ chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
[hand0001@corp-cmx02-v20 ~]$ rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
warning: splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
error: can’t create transaction lock on /var/lib/rpm/.rpm.lock (Permission denied)
[hand0001@corp-cmx02-v20 ~]$ su rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
su: invalid option -- ‘i’
Usage:
 su [options] [-] [USER [arg]...]
Change the effective user id and group id to that of USER.
A mere - implies -l.   If USER not given, assume root.
Options:
 -m, -p, --preserve-environment  do not reset environment variables
 -g, --group             specify the primary group
 -G, --supp-group         specify a supplemental group
 -, -l, --login                  make the shell a login shell
 -c, --command         pass a single command to the shell with -c
 --session-command     pass a single command to the shell with -c
                                 and do not create a new session
 -f, --fast                      pass -f to the shell (for csh or tcsh)
 -s, --shell             run shell if /etc/shells allows it
 -h, --help     display this help and exit
 -V, --version  output version information and exit
For more details see su(1).
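
The `NOKEY` warning in the transcript above means rpm could not check the package signature because the signer's key (ID 653fb112) is not in the rpm keyring; it is only a warning and does not stop the install. The following is an added example, not part of the original post, that classifies a line of `rpm -K` output and installs only when the signature verified. It assumes the one-line output format of the rpm 4.11 series shipped with RHEL 7; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: gate an rpm install on the result of `rpm -K <file>`.
# Assumption: rpm 4.11-style one-line output, where lowercase tokens were
# verified and UPPERCASE tokens failed or have no matching key imported.

classify_checksig() {
    # $1 = one line of `rpm -K` output, "<file>: <tokens> OK|NOT OK ..."
    local line="$1"
    local result="${line#*: }"        # drop the "<file>: " prefix
    case "$result" in
        *"MISSING KEYS"*) echo "missing-key" ;;  # signed, signer key not imported (NOKEY)
        *"NOT OK"*)       echo "bad" ;;          # digest or signature mismatch
        *OK)
            # "OK" alone is not enough: an unsigned package also ends in OK,
            # because only its digests (sha1/md5) were checked.
            case " $result " in
                *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*) echo "signed-ok" ;;
                *)                                       echo "unsigned" ;;
            esac ;;
        *)                echo "unknown" ;;
    esac
}

# Install only when the signature verified against a key that was already
# imported with `rpm --import <vendor key file>` (key obtained out of band).
verified_install() {
    local pkg="$1" status
    status=$(classify_checksig "$(rpm -K "$pkg" 2>&1)")
    if [ "$status" = "signed-ok" ]; then
        rpm -i "$pkg"
    else
        echo "refusing to install $pkg: signature status is $status" >&2
        return 1
    fi
}

# Constructed sample lines (not captured from the original host).
SAMPLE_OK='splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm: dsa sha1 md5 gpg OK'
SAMPLE_NOKEY='splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#653fb112)'
SAMPLE_UNSIGNED='example-1.0-1.x86_64.rpm: sha1 md5 OK'
SAMPLE_CORRUPT='example-1.0-1.x86_64.rpm: sha1 MD5 NOT OK'
```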

Install the package (Note: we are installing the free version)

$chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm

[hand0001@corp-cmx02-v20 ~]$ sudo chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm

Change to root user and install package (found it didn’t work otherwise)

$rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
[hand0001@corp-cmx02-v20 ~]$ sudo su
[root@corp-cmx02-v20 hand0001]# rpm -i splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
complete
[root@corp-cmx02-v20 hand0001]#

Verify Splunk installed

$rpm -qa | grep splunk
[root@corp-cmx02-v20 hand0001]# rpm -qa | grep splunk
splunk-6.3.1-f3e41e4b37b2.x86_64

Check splunk config file:

$grep -v "^$" /opt/splunk/etc/splunk-launch.conf | grep -v '^ *#'

Default Configuration File – Snippet

SPLUNK_HOME=/opt/splunk
SPLUNK_SERVER_NAME=Splunkd
SPLUNK_WEB_NAME=splunkweb

[root@corp-cmx02-v20 hand0001]# grep -v "^$" /opt/splunk/etc/splunk-launch.conf | grep -v '^ *#'
SPLUNK_HOME=/opt/splunk
SPLUNK_SERVER_NAME=Splunkd
SPLUNK_WEB_NAME=splunkweb

Switch to the splunk user

$sudo su - splunk
[root@corp-cmx02-v20 hand0001]# sudo su - splunk

Start Splunk

$cd /opt/splunk/bin
$./splunk start
[splunk@corp-cmx02-v20 ~]$ cd /opt/splunk/bin/
[splunk@corp-cmx02-v20 bin]$ ./splunk start
                    SOFTWARE LICENSE AGREEMENT
THIS SOFTWARE LICENSE AGREEMENT (“AGREEMENT”) GOVERNS THE LICENSING,
INSTALLATION AND USE OF SPLUNK SOFTWARE. BY DOWNLOADING AND/OR INSTALLING SPLUNK
SOFTWARE (A) YOU ARE INDICATING THAT YOU HAVE READ AND UNDERSTAND THIS
AGREEMENT, AND AGREE TO BE LEGALLY BOUND BY IT ON BEHALF OF THE COMPANY,
GOVERNMENT, OR OTHER ENTITY FOR WHICH YOU ARE ACTING (FOR EXAMPLE, AS AN
EMPLOYEE OR GOVERNMENT OFFICIAL) OR, IF THERE IS NO COMPANY, GOVERNMENT OR OTHER
ENTITY FOR WHICH YOU ARE ACTING, ON BEHALF OF YOURSELF AS AN INDIVIDUAL; AND (B)
YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ACT ON BEHALF OF AND
BIND SUCH COMPANY, GOVERNMENT OR OTHER ENTITY (IF ANY).
WITHOUT LIMITING THE FOREGOING, YOU (AND YOUR ENTITY, IF ANY) ACKNOWLEDGE THAT
BY SUBMITTING AN ORDER FOR THE SPLUNK SOFTWARE, YOU (AND YOUR ENTITY (IF ANY))
HAVE AGREED TO BE BOUND BY THIS AGREEMENT.
As used in this Agreement, “Splunk,” refers to Splunk Inc., a Delaware
corporation, with its principal place of business at 250 Brannan Street, San
Francisco, California 94107, U.S.A.; and “Customer” refers to the company,
government, or other entity on whose behalf you have entered into this Agreement
or, if there is no such entity, you as an individual.
1.     DEFINITIONS. Capitalized terms used but not otherwise defined in this
Do you agree with this license? [y/n]: y
This appears to be your first time running this version of Splunk.
Copying ‘/opt/splunk/etc/openldap/ldap.conf.default’ to ‘/opt/splunk/etc/openldap/ldap.conf’.
Generating RSA private key, 1024 bit long modulus
……++++++
………………++++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 1024 bit long modulus
……………………………++++++
….++++++
e is 65537 (0x10001)
writing RSA key
Moving ‘/opt/splunk/share/splunk/search_mrsparkle/modules.new’ to ‘/opt/splunk/share/splunk/search_mrsparkle/modules’.
Splunk> 4TW
Checking prerequisites…
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration…  Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking critical directories…Done
Checking indexes…
Validated: _audit _internal _introspection _thefishbucket history main summary
Done
New certs have been generated in ‘/opt/splunk/etc/auth’.
Checking filesystem compatibility…  Done
Checking conf files for problems…
Done
Checking default conf files for edits…
Validating installed files against hashes from ‘/opt/splunk/splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64-manifest’
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)…
Generating a 1024 bit RSA private key
……………….++++++
………………………….++++++
writing new private key to ‘privKeySecure.pem’
-----
Signature ok
Getting CA Private Key
writing RSA key
Done
 [  OK  ]
Waiting for web server at http://127.0.0.1:8000 to be available.. Done
If you get stuck, we’re here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://corp-cmx02-v20.ocio.monash.edu:8000

Alternately you can accept the licence agreement with this command:

$./splunk start --answer-yes --no-prompt --accept-license

Launch the web portal
Launch the portal from the browser.

http://servername:8000/

After installing, you can launch the admin portal from the browser. The admin password has to be changed when you launch it for the first time. Enter the default user “admin” and default password “changeme” and click the “Sign in” button.

New Password

After login, you will have to set a new password for the admin user, confirm it, and click the “Save Password” button to launch the default page.

Splunk is now installed and ready to be configured for data.
