Splunk Installation

Fairly short and sweet to get the agent installed; details are below.

1) Install the appropriate package from a designated and trusted source:

2) The default installation path, ${INSTALL_PATH} = /opt/splunkforwarder

3) Next, create a file with the path /opt/splunkforwarder/etc/system/local/deploymentclient.conf with the contents:

    [deployment-client]

    [target-broker:deploymentServer]
    targetUri = splunkdeploy.uits.uconn.edu:8089

4) Run the following (supplying your own randomized password; note that it will never be used):

    /opt/splunkforwarder/bin/splunk edit user admin -password 'NeverUsedButMustBeSet9x83qmw2304e9hf' -auth admin:changeme

5) Make the init script:

    /opt/splunkforwarder/bin/splunk enable boot-start -user splunk

6) Set the proper permissions:

    setfacl -Rm d:splunk:rwx,u:splunk:rwx /opt/splunkforwarder/var
    setfacl -Rm d:splunk:rwx,u:splunk:rwx /opt/splunkforwarder/etc

7) Once created, start Splunk:

    service splunk start

8) Finally, send the following information to your Splunk Admin:

    1. Hostname of the server
    2. IP of the server (both internal IP and the external IP if NAT is involved)
    3. Paths to be collected (with wildcards where appropriate)
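
Steps 3 through 7 can be wrapped in a few shell functions so that the admin password is generated at run time instead of being typed into the command, and the deployment-client file is read back and checked before the service is started. This is an added example, not part of the original instructions; the function names are made up for illustration, and the only external commands are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example: helper functions for steps 3-7 (function names are hypothetical).

# Step 3: write deploymentclient.conf under the given install path.
write_deploymentclient_conf() {
    wdc_dir="$1/etc/system/local"
    mkdir -p "$wdc_dir"
    cat > "$wdc_dir/deploymentclient.conf" <<EOF
[deployment-client]

[target-broker:deploymentServer]
targetUri = $2
EOF
}

# Print the targetUri set in the [target-broker:deploymentServer] stanza, if any.
get_target_uri() {
    awk -F'=' '
        /^[ \t]*\[/ { in_stanza = ($0 ~ /^[ \t]*\[target-broker:deploymentServer\]/); next }
        in_stanza && $1 ~ /^[ \t]*targetUri[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit
        }' "$1"
}

# Succeed only if the file on disk points at the expected deployment server.
verify_deploymentclient_conf() {
    [ "$(get_target_uri "$1/etc/system/local/deploymentclient.conf")" = "$2" ]
}

# Step 4: 128 bits from the kernel random device, as 32 hex characters.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Steps 3-7 in order, using only the commands from the steps above.
configure_forwarder() {
    cf_path=${1:-/opt/splunkforwarder}
    write_deploymentclient_conf "$cf_path" "$2"
    verify_deploymentclient_conf "$cf_path" "$2" || return 1
    "$cf_path/bin/splunk" edit user admin -password "$(gen_password)" -auth admin:changeme || return 1
    "$cf_path/bin/splunk" enable boot-start -user splunk || return 1
    setfacl -Rm d:splunk:rwx,u:splunk:rwx "$cf_path/var" "$cf_path/etc" || return 1
    service splunk start
}

# Usage (as root): configure_forwarder /opt/splunkforwarder splunkdeploy.uits.uconn.edu:8089
```

The generated password is never printed or stored, which matches the note in step 4 that it will never be used.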
