Splunk is robust, integrated software for real-time log management: it collects, stores, searches, diagnoses and reports on any log data.
With Splunk we can gather, store, index, search, correlate, visualize, investigate and report on any log or machine data quickly and repeatably, in order to identify and resolve security issues.
System requirements to install Splunk
- CentOS 7 or RHEL 7 server with a minimal install
- RAM required: 12 GB
Splunk installation steps on CentOS 7
1. Use the wget command to download the Splunk package.
# wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm&wget=true'
2. Use the rpm package manager to install the Splunk Enterprise RPM into the default directory /opt/splunk.
# rpm -i splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm
3. Start Splunk with the command below.
# /opt/splunk/bin/splunk start
4. Accept the license agreement.
5. Enter an 8-character password.
6. Open port 8000, on which the Splunk web server listens, in your firewall.
# firewall-cmd --add-port=8000/tcp --permanent
# firewall-cmd --reload
7. Use the URL below to open the Splunk web interface.
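A pre-flight check for the requirements listed above, as an added example that is not part of the original page: it verifies the 12 GB RAM, CentOS 7 / RHEL 7, open port 8000/tcp and 8-character password constraints from the steps before the installer is run. The function names and the constructed sample inputs are my own assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the Splunk 7.1.2 install steps above (added example,
# not from the original page). Thresholds are the page's own: 12 GB RAM,
# CentOS 7 / RHEL 7, an 8-character admin password, port 8000/tcp open.
# Function names are assumptions made for this example.

# Print MemTotal from /proc/meminfo content on stdin, in whole MB.
# Note: a "16 GB" box reports roughly 15.5 GB here, so compare in MB,
# not in rounded-down GB, or a nominal 12 GB host would fail the check.
mem_total_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024 }'
}

# Succeed when the MB value given meets the page's 12 GB requirement.
has_min_ram() {
    [ "$1" -ge $((12 * 1024)) ]
}

# Succeed when /etc/os-release content on stdin describes CentOS 7 or RHEL 7.
is_el7() {
    awk -F= '
        $1 == "ID"         { gsub(/"/, "", $2); id = $2 }
        $1 == "VERSION_ID" { gsub(/"/, "", $2); ver = $2 }
        END {
            ok = (id == "centos" || id == "rhel") && (ver ~ /^7$/ || ver ~ /^7\./)
            exit ok ? 0 : 1
        }'
}

# Succeed when the password meets the 8-character minimum from step 5.
password_ok() {
    [ "${#1}" -ge 8 ]
}

# Live checks on the target host (needs firewalld); run before step 1.
preflight() {
    mb=$(mem_total_mb < /proc/meminfo)
    has_min_ram "$mb" || { echo "need 12 GB RAM, found ${mb} MB" >&2; return 1; }
    is_el7 < /etc/os-release || { echo "CentOS 7 or RHEL 7 required" >&2; return 1; }
    if ! firewall-cmd --query-port=8000/tcp >/dev/null 2>&1; then
        echo "port 8000/tcp is not open yet; see step 6" >&2
    fi
    [ -x /opt/splunk/bin/splunk ] || echo "Splunk not installed yet; see step 2" >&2
    echo "pre-flight checks passed"
}

# Usage on the server:  preflight && /opt/splunk/bin/splunk start
```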