Instalasi Splunk (Log is My Co-Pilot)

Posted in Linux Server, Monitoring, Splunk

Splunk is a data engine for IT. For anyone managing servers in a data centre, Splunk is very useful. I learned about Splunk from my teacher (mentor), a Dutch national who is Director of Technology at a private company in Jakarta. I admire this mentor of mine, Frank: even though his title is already Director of Technology, his skills are solid down to the smallest technical detail, every staff member under him quickly becomes proficient working with him, and his specialty is indeed Linux. That is unlike most IT directors or IT managers at IT companies in Jakarta, who have grown lazy or do not want to know about technical matters, so their subordinates have nothing to fall back on when a system has a problem. Back to Splunk: I made the video above while setting up Splunk on one of the Linux servers I maintain. I use Splunk to monitor Linux and Solaris servers, in particular to index, search, alert and report on logs in real time, and, most interestingly, it can serve as my security tool.

I installed Splunk on the Debian 5 Linux distribution:

kencana:/home/gtoms# ls
osol-0906-x86.iso  splunk-4.1.5-85165-linux-2.6-intel.deb
kencana:/home/gtoms#

kencana:/home/gtoms# dpkg -i splunk-4.1.5-85165-linux-2.6-intel.deb
Selecting previously deselected package splunk.
(Reading database ... 26126 files and directories currently installed.)
Unpacking splunk (from splunk-4.1.5-85165-linux-2.6-intel.deb) ...
Setting up splunk (4.1.5-85165) ...

--------------------------------------------------------------------
Splunk has been installed in:
/opt/splunk

To start Splunk, run the command:
/opt/splunk/bin/splunk start

To use the Splunk Web interface, point your browser at:
http://kencana:8000

Complete documentation is at http://www.splunk.com/r/docs
--------------------------------------------------------------------
kencana:/home/gtoms#

kencana:/home/gtoms# /opt/splunk/bin/splunk start
SPLUNK INC.

SOFTWARE LICENSE AGREEMENT

THIS SPLUNK SOFTWARE LICENSE AGREEMENT (THE “AGREEMENT”) GOVERNS ALL SOFTWARE
PROVIDED BY SPLUNK INC. (“SPLUNK”) INCLUDING FREE SPLUNK SOFTWARE (“FREE
SOFTWARE”) AND SOFTWARE PURCHASED THROUGH SPLUNK’S ONLINE STORE OR OTHER
CHANNELS (“PURCHASED SOFTWARE”), COLLECTIVELY THE SPLUNK SOFTWARE (“SOFTWARE”)
AND ANY AND ALL UPDATES, UPGRADES, AND MODIFICATIONS THERETO. CONFIRMATION OF
YOUR ORDERS (“ORDER CONFIRMATION”) WILL BE DEEMED INCORPORATED INTO AND MADE
PART OF THIS AGREEMENT.

YOU WILL BE REQUIRED TO INDICATE YOUR AGREEMENT TO THESE TERMS AND CONDITIONS IN
ORDER TO DOWNLOAD THE SOFTWARE AND REGISTER WITH SPLUNK IN ORDER TO OBTAIN
LICENSE KEYS NECESSARY TO COMPLETE THE INSTALLATION PROCESS FOR PURCHASED
SOFTWARE.  BY CLICKING ON THE “YES” BUTTON, DOWNLOADING OR INSTALLING THE
SOFTWARE, OR USING ANY MEDIA THAT CONTAINS THE SOFTWARE, YOU ARE CONSENTING TO
BE BOUND BY THIS AGREEMENT.

IF YOU AGREE TO THESE TERMS ON BEHALF OF A BUSINESS, YOU REPRESENT AND WARRANT
THAT YOU HAVE AUTHORITY TO BIND THAT BUSINESS TO THIS AGREEMENT, AND YOUR
AGREEMENT TO THESE TERMS WILL BE TREATED AS THE AGREEMENT OF THE BUSINESS.  IN
THAT EVENT, “YOU” AND “YOUR” REFER HEREIN TO THAT BUSINESS.

“Splunk Developer API” means the documentation and functionality enabling the
creation of extensions to the Software. “Example Modules” means the source code
and binary form of examples that use the Splunk Developer API.
-------------------- skip --------------------

EACH PARTY SIGNING BELOW REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY
TO BIND THAT BUSINESS TO THIS AGREEMENT, AND THEIR AGREEMENT TO THESE TERMS
WILL BE TREATED AS THE AGREEMENT OF THE BUSINESSIN THAT EVENT, “YOU” AND
“YOUR” REFER HEREIN TO THAT BUSINESS.

Do you agree with this license? [y/n]: y

Copying '/opt/splunk/etc/myinstall/splunkd.xml.cfg-default' to '/opt/splunk/etc/myinstall/splunkd.xml'.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
/opt/splunk/etc/auth/audit/private.pem
/opt/splunk/etc/auth/audit/public.pem
['openssl', 'genrsa', '-out', '/opt/splunk/etc/auth/audit/private.pem', '1024']
/opt/splunk/etc/auth/audit/private.pem generated.
/opt/splunk/etc/auth/audit/public.pem generated.
Generating RSA private key, 1024 bit long modulus
...............................++++++
.....................++++++
e is 65537 (0x10001)
writing RSA key

/opt/splunk/etc/auth/distServerKeys/private.pem
/opt/splunk/etc/auth/distServerKeys/trusted.pem
['openssl', 'genrsa', '-out', '/opt/splunk/etc/auth/distServerKeys/private.pem', '1024']
/opt/splunk/etc/auth/distServerKeys/private.pem generated.
/opt/splunk/etc/auth/distServerKeys/public.pem generated.
Generating RSA private key, 1024 bit long modulus
.................++++++
........................................++++++
e is 65537 (0x10001)
writing RSA key

This appears to be your first time running this version of Splunk.
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Creating: /opt/splunk/var/lib
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
Checking databases...
Validated databases: audit, blocksignature, internal, thefishbucket, history, main, sample, summary

Splunk> Be an IT superhero. Go home early.

Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking configuration...  Done.
Checking index directory...  Done.
Checking databases...
Validated databases: audit, blocksignature, internal, thefishbucket, history, main, sample, summary
All preliminary checks passed.

Starting splunk server daemon (splunkd)... Done.

kencana:/home/gtoms# dpkg --status splunk

Package: splunk
Status: install ok installed
Priority: extra
Section: non-free
Maintainer: Splunk Inc.
Architecture: i386
Version: 4.1.5-85165
Description: Splunk
Copyright: 2005-2010 Splunk Inc.
Splunk is the IT Search engine.
kencana:/home/gtoms#

For web-based administration, open:

http://192.168.1.1:8000/

enter your username and password, and happy Splunking.
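As an added example (not from the original post and not Splunk's own tooling), the shell functions below verify the steps shown above on the Splunk host: that dpkg reports the package as installed, what state `splunk start` reported for the HTTP and management ports, and whether those ports (8000 and 8089 on this page) are bound to every interface rather than only the admin network used to reach http://192.168.1.1:8000/. `SPLUNK_HOME` follows the page's `/opt/splunk`; the `live_check` function, the use of `ss -ltn` from iproute2 and the sample outputs are assumptions of this example, and the samples are constructed to mirror the transcript above.

```shell
#!/bin/sh
# Added example (not from the original post): post-install checks for a
# Splunk .deb install. SPLUNK_HOME and the ports follow the page's transcript;
# the `ss -ltn` column layout (iproute2) is an assumption of this example.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_WEB_PORT=8000
SPLUNK_MGMT_PORT=8089

# Constructed sample outputs, modelled on the page's transcript, so the
# checks can be exercised without a live Splunk host.
SAMPLE_START_OUT="Checking http port [8000]: open
Checking mgmt port [8089]: open"
SAMPLE_SS_OUT="State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8089    0.0.0.0:*
LISTEN 0      128    0.0.0.0:8000      0.0.0.0:*
LISTEN 0      128    [::]:8000         [::]:*"

# pkg_installed STATUS: succeed only when dpkg's status string says the
# package is fully installed (input: `dpkg-query -W -f='${Status}' splunk`).
pkg_installed() {
    [ "$1" = "install ok installed" ]
}

# port_state PORT OUTPUT: pull the state `splunk start` reported for PORT,
# e.g. "Checking http port [8000]: open" -> "open"; prints nothing if absent.
port_state() {
    printf '%s\n' "$2" | sed -n "s/^Checking .* port \[$1\]: \(.*\)$/\1/p" | head -n 1
}

# wildcard_listeners PORT OUTPUT: count LISTEN sockets in `ss -ltn` output
# bound to PORT on all interfaces (0.0.0.0, [::] or *). Anything above zero
# means the port answers on every network the host is attached to, not just
# the admin LAN, which matters for a plain-HTTP web UI and the REST port.
wildcard_listeners() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == p && (addr == "0.0.0.0" || addr == "[::]" || addr == "*")) c++
        }
        END { print c + 0 }'
}

# live_check: run the checks against the real host (needs dpkg and ss).
live_check() {
    status=$(dpkg-query -W -f='${Status}' splunk 2>/dev/null || true)
    pkg_installed "$status" || { echo "splunk package is not installed ($status)"; return 1; }
    [ -x "$SPLUNK_HOME/bin/splunk" ] || { echo "no splunk binary under $SPLUNK_HOME"; return 1; }
    sockets=$(ss -ltn 2>/dev/null)
    for p in "$SPLUNK_WEB_PORT" "$SPLUNK_MGMT_PORT"; do
        n=$(wildcard_listeners "$p" "$sockets")
        if [ "$n" -eq 0 ]; then
            echo "port $p: not bound to all interfaces"
        else
            echo "port $p: listening on all interfaces ($n socket(s)); restrict it if this host has a public side"
        fi
    done
}

# demo: exercise the parsers on the constructed samples.
demo() {
    echo "http port state: $(port_state 8000 "$SAMPLE_START_OUT")"
    echo "mgmt port state: $(port_state 8089 "$SAMPLE_START_OUT")"
    echo "wildcard listeners on 8000: $(wildcard_listeners 8000 "$SAMPLE_SS_OUT")"
    echo "wildcard listeners on 8089: $(wildcard_listeners 8089 "$SAMPLE_SS_OUT")"
}

# Run `sh check.sh live` on the Splunk host; anything else runs the demo.
if [ "${1:-}" = "live" ]; then live_check; else demo; fi
```

On the constructed sample the management port is bound only to 127.0.0.1 while the web port is bound on both 0.0.0.0 and [::], which is exactly the case the `wildcard_listeners` count is meant to surface before a host with a second network interface is left running that way.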

Comments (1)

Mas, the Splunk post is really useful, but I have a complaint, Mas...
I'm new to Splunk; what do we need to become a Splunk expert? For example, do we have to understand Java or something...??
And Splunk's external database isn't in the Splunk tools in version 5.0, what about that, Mas...?
Thanks for your input, Mas.

Hey! Would you mind if I share your blog with my myspace group?

There’s a lot of folks that I think would really appreciate your content.
Please let me know. Cheers
