Splunk のインストール方法

目的

Splunk Enterpriseのインストール方法について解説する。

手順

Splunk Enterpriseをダウンロードする。

wget -O splunk-8.0.1-6db836e2fb9e-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.1&product=splunk&filename=splunk-8.0.1-6db836e2fb9e-linux-2.6-x86_64.rpm&wget=true'

Splunk Enterpriseをインストールする

yum -y localinstall splunk-8.0.1-6db836e2fb9e-linux-2.6-x86_64.rpm 
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Examining splunk-8.0.1-6db836e2fb9e-linux-2.6-x86_64.rpm: splunk-8.0.1-6db836e2fb9e.x86_64
Marking splunk-8.0.1-6db836e2fb9e-linux-2.6-x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package splunk.x86_64 0:8.0.1-6db836e2fb9e will be installed
--> Finished Dependency Resolution
# .bashrc
amzn2-core/2/x86_64                                                                                                                                     | 2.4 kB  00:00:00     

Dependencies Resolved

===============================================================================================================================================================================
 Package                      Arch                         Version                                     Repository                                                         Size
===============================================================================================================================================================================
Installing:
 splunk                       x86_64                       8.0.1-6db836e2fb9e                          /splunk-8.0.1-6db836e2fb9e-linux-2.6-x86_64                       1.2 G

Transaction Summary
===============================================================================================================================================================================
Install  1 Package

Total size: 1.2 G
Installed size: 1.2 G
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : splunk-8.0.1-6db836e2fb9e.x86_64                                                                                                                            1/1 
complete
  Verifying  : splunk-8.0.1-6db836e2fb9e.x86_64                                                                                                                            1/1 

Installed:
  splunk.x86_64 0:8.0.1-6db836e2fb9e                                                                                                                                           

Complete!

環境変数を変更する

$ vi ~/.bashrc
export SPLUNK_HOME=/opt/splunk
export PATH=$PATH:$SPLUNK_HOME/bin
$ exec bash

splunk startでSplunk Enterpriseを実行する。

splunk start --accept-license --answer-yes

ユーザー名、パスワードを設定する

This appears to be your first time running this version of Splunk.

Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.

Please enter an administrator username: user
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: XXXX
Please confirm new password: XXXX

設定したユーザー名とパスワードを用いて、IPアドレス：８０００へアクセスする