Enterprise Framework

Software Solutions in the Enterprise

Splunk Forwarder Linux Setup

    # Get splunk
    wget -O splunkforwarder-7.2.1-be11b2c46e23-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.1&product=universalforwarder&filename=splunkforwarder-7.2.1-be11b2c46e23-Linux-x86_64.tgz&wget=true'
    sudo tar -xvzf splunkforwarder-7.2.1-be11b2c46e23-Linux-x86_64.tgz -C /opt
    cd /opt/splunkforwarder/bin

    # Start splunk forwarder
    sudo ./splunk start --accept-license
    sudo ./splunk enable boot-start

    # Change the default password from changeme
    # (single quotes stop the shell from expanding $$ to its own PID)
    sudo ./splunk edit user admin -password 'newp@$$w0rd' -role admin -auth admin:changeme

    # Add forward server (where to send data)
    sudo ./splunk add forward-server YourSplunkServer.com:9997 -auth 'admin:newp@$$w0rd'

    # Point to directory to monitor
    sudo ./splunk add monitor /opt/log/www1/

Reference: https://www.splunk.com/en_us/resources/videos/splunk-education-getting-data-in-with-forwarders.html
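The password step has two shell-level pitfalls: typed without quotes, `$$` in the sample password expands to the shell's PID, and any password given on the command line is visible in `ps` output and shell history. The sketch below is an added example, not part of the original post; it assumes Splunk 7.1 or later, where `etc/system/local/user-seed.conf` is read at first start, and the function names and 8-character minimum are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Names, the 8-character
# minimum and the seed-file approach are assumptions (see lead-in).

# What splunk receives when the sample password is typed without
# quotes: the shell replaces "$$" with its own PID before splunk runs.
unquoted_password() {
    printf '%s' newp@$$w0rd
}

# Read the admin password from stdin (never argv, so it stays out of
# `ps` output and shell history) and write it to user-seed.conf under
# the given SPLUNK_HOME. Must run before the first `splunk start`.
write_user_seed() {
    seed_home=$1
    seed_file="$seed_home/etc/system/local/user-seed.conf"
    seed_pw=
    IFS= read -r seed_pw || [ -n "$seed_pw" ] || return 1
    if [ "${#seed_pw}" -lt 8 ] || [ "$seed_pw" = changeme ]; then
        echo "refusing weak or default password" >&2
        return 1
    fi
    # Once etc/passwd exists the seed file is ignored; fail loudly
    # instead of leaving a cleartext password on disk for nothing.
    if [ -e "$seed_home/etc/passwd" ]; then
        echo "forwarder already initialised" >&2
        return 2
    fi
    mkdir -p "$seed_home/etc/system/local" || return 1
    (
        umask 077
        printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' \
            "$seed_pw" > "$seed_file"
    ) || return 1
    chmod 600 "$seed_file"
}

echo "typed unquoted, the password becomes: $(unquoted_password)"
```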