2. 以Root權限安裝Splunk
# dpkg -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb
Selecting previously unselected package splunk.
(Reading database ... 146804 files and directories currently installed.)
Preparing to unpack splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb ...
Unpacking splunk (7.1.1) ...
Setting up splunk (7.1.1) ...
complete
# dpkg --status splunk
Package: splunk
Status: install ok installed
Maintainer: Splunk Inc. <info@splunk.com>
Architecture: amd64
Version: 7.1.1
Description: Splunk The platform for machine data.
# dpkg --list
Desired=Unknown/Install/Remove/Purge/Hold
略
ii splunk 7.1.1 amd64 Splunk The platform for machine data.
略
# /opt/splunk/bin/splunk start
:略
Do you agree with this license? [y/n]: y
This appears to be your first time running this version of Splunk.
An Admin password must be set before installation proceeds.
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password: 輸入密碼
Please confirm new password: 再次輸入密碼
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
..................................................................................................................+++
..................................................+++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 2048 bit long modulus
.......+++
..........+++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> Be an IT superhero. Go home early.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
Creating: /opt/splunk/var/run/splunk/appserver/i18n
Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunk/var/run/splunk/upload
Creating: /opt/splunk/var/spool/splunk
Creating: /opt/splunk/var/spool/dirmoncache
Creating: /opt/splunk/var/lib/splunk/authDb
Creating: /opt/splunk/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunk/etc/auth'.
Checking critical directories... Done
Checking indexes...
Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
Done
Checking filesystem compatibility... Done
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunk/splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
...+++
..............................................................................................................................+++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=elk60/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
Waiting for web server at http://127.0.0.1:8000 to be available.... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://elk60:8000
完成安裝,開啟瀏覽器 ,以admin帳號,及前面輸入的密碼
