1. Splunk overview
Splunk is an engine for machine data.
Splunk provides a complete solution: log collection, storage, analysis, and visualization in one product.
Official website: https://www.splunk.com https://www.splunk.com/zh-hans_cn
Deployment, configuration, the SPL language, analysis, and visualization.
Tutorial: https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchTutorial/NavigatingSplunk
Manuals in Simplified Chinese: https://docs.splunk.com/Documentation/Splunk/7.3.3/Translated/SimplifiedChinesemanuals
2. Installing Splunk
2.1 Downloading Splunk
Due to some compliance requirements, access to the download may be restricted. If you encounter such access restrictions, you need to register a new user.
You can use a Foxmail mailbox and set the place of registration to the United States. After registering this way, the download source can be accessed normally.

After creating an account, you can open the installation package download page, select the appropriate package, and click Download to get Splunk Enterprise. The free trial lasts 60 days, with a daily index of 500MB.

2.2 Installing Splunk on Linux
(1) Install Splunk
cd /opt
rpm -ivh splunk-8.2.3-cd0848707637-linux-2.6-x86_64.rpm

(2) Set the environment variables:
vi /etc/profile
# Add the following two lines to /etc/profile:
export SPLUNK_HOME=/opt/splunk
export PATH=$SPLUNK_HOME/bin:$PATH
# Reload the profile so the variables take effect in the current shell:
source /etc/profile
(3) Start Splunk
Run the splunk start command to start Splunk and enter the user name and password; initialization is then complete.

(4) Access the Splunk web port
English: http://192.168.44.130:8000/en-GB
Chinese: http://192.168.44.130:8000/zh-CN

2.3 Installing Splunk on Windows
(1) Installation preparation
Environment: Windows 10, Windows Server 2016, 2019
Download the Windows MSI installation package.
(2) Install Splunk
Double-click the MSI file, choose custom installation, and keep clicking Next until the installation completes.
(3) System environment configuration
Set the environment variable: add C:\Splunk\bin to Path.
In service management, you can see a Splunkd Service service.

(4) Access Splunk
Open a browser (Chrome is recommended). Splunk runs on port 8000 by default.
Splunk Web address: http://localhost:8000

2.4 Common administrative commands
splunk version
splunk status|start|stop|restart
# View the management port
splunk show splunkd-port
# View the web port
splunk show web-port
splunk set web-port 9000    # Change the web port
# View the listening port
splunk display listen
splunk list splunkd-port
splunk list index           # List the indexes
splunk list license
splunk list monitor         # List the monitored inputs
splunk add index fxidx      # Add an index
Uninstall:
splunk disable boot-start
splunk stop
rm -rf /opt/splunk