Install Latest Splunk 7.2.0 into Ubuntu and CentOS - NETSEC


Saturday, October 20, 2018

Install Latest Splunk 7.2.0 into Ubuntu and CentOS

Installing Splunk 7.2.0 on Ubuntu is straightforward. In my previous post I had a video showing how to install Splunk on a Windows server. This time I am going to walk through installing Splunk 7.2.0 on Ubuntu 18.04, with the Ubuntu VM running on Google Cloud Platform.

Note: the CentOS steps and video are at the end of this post.


1. Create a new Ubuntu 18.04 LTS VM from GCP -> Compute Engine -> VM instances





2. SSH into the Ubuntu VM from GCP -> Compute Engine -> VM instances



3. Download Splunk from the Ubuntu VM

Script for building the download link:

product="splunk"       # values can be: splunk, universalforwarder
version="7.2.0"        # Splunk product version (must match the hash below; 8c86330ac18 is the 7.2.0 build)
hash="8c86330ac18"     # specific per version
arch="amd64"           # values can be: x86_64 (redhat, tgz), amd64 (ubuntu), x64 (Windows)
os="linux"             # values can be: linux, windows
pkg="deb"              # values can be: tgz, rpm, deb, msi

if [ "$pkg" = "tgz" ]; then
    filename="${product}-${version}-${hash}-Linux-${arch}.${pkg}"
elif [ "$os" = "windows" ]; then
    filename="${product}-${version}-${hash}-${arch}-release.${pkg}"
else
    filename="${product}-${version}-${hash}-${os}-2.6-${arch}.${pkg}"
fi

md5File="${filename}.md5"
echo "$filename"       # Verify this is correct

wget "https://download.splunk.com/products/splunk/releases/${version}/${os}/${md5File}"
wget "https://download.splunk.com/products/splunk/releases/${version}/${os}/${filename}"


# OR
curl -o "$md5File" "https://download.splunk.com/products/splunk/releases/${version}/${os}/${md5File}"
curl -o "$filename" "https://download.splunk.com/products/splunk/releases/${version}/${os}/${filename}"
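The script above fetches the package's .md5 file next to the package but never compares the two, so a corrupted or tampered download would go straight into dpkg. The following added example (mine, not from the original post) verifies the checksum first and only then installs the package and enables boot-start as a dedicated, unprivileged splunk account. It assumes the .md5 file is in BSD style ("MD5 (file) = hash"); GNU style ("hash  file") is accepted too. The SPLUNK_INSTALL variable, the verify_package/install_verified helpers and the splunk account name are my choices.

```bash
#!/bin/sh
# Added example (not from the original post): check the downloaded Splunk
# package against its .md5 file before handing it to dpkg.
# Assumption: the .md5 file is BSD style "MD5 (file) = hash"; the GNU style
# "hash  file" is handled as well.

# Print the hex digest stored in an .md5 file, whatever its layout.
md5_from_file() {
    # grep -o picks the first 32-hex-digit token; tr lowercases it.
    grep -oE '[0-9a-fA-F]{32}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# Return 0 when the package digest matches the .md5 file, 1 otherwise.
verify_package() {
    pkg="$1"; md5file="$2"
    [ -f "$pkg" ] && [ -f "$md5file" ] || return 1
    expected="$(md5_from_file "$md5file")"
    [ -n "$expected" ] || return 1
    actual="$(md5sum "$pkg" | cut -d ' ' -f 1)"
    [ "$actual" = "$expected" ]
}

# Install only after a successful verification, and run Splunk as its own
# account so the daemon and anything it spawns are not root.
install_verified() {
    pkg="$1"; md5file="$2"
    if ! verify_package "$pkg" "$md5file"; then
        echo "checksum mismatch for $pkg, refusing to install" >&2
        return 1
    fi
    # Harmless if the package already created the account.
    id splunk >/dev/null 2>&1 || sudo useradd -r -M -d /opt/splunk splunk
    sudo dpkg -i "$pkg"
    sudo chown -R splunk: /opt/splunk
    # Prompts for the license and admin credentials exactly as in the
    # transcript above, but registers the init script with -user splunk.
    sudo /opt/splunk/bin/splunk enable boot-start -user splunk
    sudo service splunk start
}

# Only install when explicitly asked, so sourcing this file is harmless:
#   SPLUNK_INSTALL=1 ./verify_install.sh splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
if [ "${SPLUNK_INSTALL:-0}" = "1" ]; then
    install_verified "$1" "$1.md5"
fi
```

MD5 only tells you the file is the one Splunk published; it is not collision-resistant, so the check is only as trustworthy as the TLS channel both files came over, which is why both are fetched from download.splunk.com over https.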





Download the Splunk package using wget:

johnyan_ca@ubuntu:~$ echo $filename
splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
johnyan_ca@ubuntu:~$ wget "https://download.splunk.com/products/splunk/releases/${version}/${os}/${filename}"
--2018-10-19 23:14:33--  https://download.splunk.com/products/splunk/releases/7.2.0/linux/splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb
Resolving download.splunk.com (download.splunk.com)... 13.35.115.61, 13.35.115.82, 13.35.115.18, ...
Connecting to download.splunk.com (download.splunk.com)|13.35.115.61|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 261290760 (249M) [application/octet-stream]
Saving to: ‘splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb’

splunk-7.2.0-8c86330ac18-lin 100%[=============================================>] 249.19M  6.09MB/s    in 41s     

2018-10-19 23:15:15 (6.04 MB/s) - ‘splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb’ saved [261290760/261290760]


johnyan_ca@ubuntu:~$ wget https://download.splunk.com/products/splunk/releases/7.2.0/linux/splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb

4. Install Splunk Package

johnyan_ca@ubuntu:~$ dpkg -i splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb 
dpkg: error: requested operation requires superuser privilege
johnyan_ca@ubuntu:~$ sudo su
root@ubuntu:/home/johnyan_ca# 
root@ubuntu:/home/johnyan_ca# 
root@ubuntu:/home/johnyan_ca# dpkg -i splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb 
Selecting previously unselected package splunk.
(Reading database ... 60641 files and directories currently installed.)
Preparing to unpack splunk-7.2.0-8c86330ac18-linux-2.6-amd64.deb ...
Unpacking splunk (7.2.0) ...
Setting up splunk (7.2.0) ...
complete


root@ubuntu:/home/johnyan_ca# cd /opt/splunk/bin/
root@ubuntu:/opt/splunk/bin# ./splunk enable boot-start
SPLUNK SOFTWARE LICENSE AGREEMENT

THIS SPLUNK SOFTWARE LICENSE AGREEMENT ("AGREEMENT") GOVERNS THE LICENSING,
INSTALLATION AND USE OF SPLUNK SOFTWARE. BY DOWNLOADING AND/OR INSTALLING
.
.
.
.[Omitted]
.
.
4.  FORCE MAJEURE. Splunk will not be responsible for any failure or delay in
its performance under these Terms and Conditions due to causes beyond its
reasonable control, including, but not limited to, labor disputes, strikes,
lockouts, shortages of or inability to obtain labor, energy, raw materials or
supplies, war, acts of terror, riot, acts of God or governmental action.

Splunk Software License Agreement 10.01.2018
Do you agree with this license? [y/n]: y

This appears to be your first time running this version of Splunk.

Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.

Please enter an administrator username: johnyan
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: 
Please confirm new password: 
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
...................................................+++
................................................................................................................+++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 2048 bit long modulus
....................+++
.........+++
e is 65537 (0x10001)
writing RSA key

Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
root@ubuntu:/opt/splunk/bin# 
root@ubuntu:/opt/splunk/bin# 
root@ubuntu:/opt/splunk/bin# service splunk start
root@ubuntu:/opt/splunk/bin# 



5. Firewall Rule Change
Open TCP port 8000 (Splunk Web) in Google Cloud Platform -> VPC network -> Firewall rules. Limit the rule's source IP range to the addresses you administer from rather than 0.0.0.0/0, so the login page is not exposed to the whole internet.



6. Add a local log folder as a data input
Here is an example of adding the local folder /var/log as a new data input.
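As an added example that is not part of the original post, here is the same /var/log input expressed as a monitor stanza in $SPLUNK_HOME/etc/system/local/inputs.conf, the file the web UI step writes to, together with a check that the unprivileged service account can actually read the path (on Ubuntu most files in /var/log are root:adm with mode 640, so the splunk account usually needs the adm group). The SPLUNK_HOME and SPLUNK_USER defaults and the add_monitor helper are my assumptions.

```bash
#!/bin/sh
# Added example (not from the original post): add a local directory such as
# /var/log as a Splunk "monitor" data input by appending the stanza to
# $SPLUNK_HOME/etc/system/local/inputs.conf.
# Assumptions: SPLUNK_HOME defaults to /opt/splunk and the daemon runs as
# the unprivileged account named in SPLUNK_USER.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# Emit the inputs.conf stanza for one monitored path (directories are
# walked recursively; events go to the given index, default "main").
monitor_stanza() {
    path="$1"; index="${2:-main}"
    printf '[monitor://%s]\ndisabled = false\nindex = %s\nrecursive = true\n\n' "$path" "$index"
}

# Append the stanza unless that path is already monitored. Returns 0 when
# the stanza is present afterwards, 1 when the path does not exist.
add_monitor() {
    path="$1"; index="${2:-main}"
    conf="$SPLUNK_HOME/etc/system/local/inputs.conf"
    [ -d "$path" ] || [ -f "$path" ] || { echo "no such path: $path" >&2; return 1; }
    # Splunk reads the files as SPLUNK_USER, not as root; warn early if it cannot.
    if id "$SPLUNK_USER" >/dev/null 2>&1 && ! sudo -n -u "$SPLUNK_USER" test -r "$path" 2>/dev/null; then
        echo "warning: $path is not readable by $SPLUNK_USER (on Ubuntu, add it to the adm group)" >&2
    fi
    mkdir -p "$(dirname "$conf")"
    if [ -f "$conf" ] && grep -qxF "[monitor://$path]" "$conf"; then
        return 0    # already configured; keep the file idempotent
    fi
    monitor_stanza "$path" "$index" >> "$conf"
    grep -qxF "[monitor://$path]" "$conf"
}

# Usage: add_monitor /var/log main   (then restart Splunk to pick it up)
```

Splunk reads inputs.conf at startup, so restart it after editing the file (`/opt/splunk/bin/splunk restart`); the CLI alternative `/opt/splunk/bin/splunk add monitor /var/log -index main` writes the same stanza and applies it without a restart. Either way, if the service account cannot read the files, Splunk logs permission errors and the input stays empty, which is the first thing to check when /var/log shows no events.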




YouTube video:
Notes: Install Splunk on CentOS 7
Steps:
[root@linuxhelp1 ~]# groupadd splunk
[root@linuxhelp1 ~]# useradd -d /opt/splunk -m -g splunk splunk
[root@linuxhelp1 ~]# tar -xzvf splunk-6.6.3-e21ee54bc796-Linux-x86_64.tgz
[root@linuxhelp1 ~]# cp -rp splunk/* /opt/splunk/
[root@linuxhelp1 ~]# chown -R splunk: /opt/splunk/
[root@linuxhelp1 ~]# su - splunk
[splunk@linuxhelp1 ~]$ cd bin
[splunk@linuxhelp1 bin]$ ./splunk start --accept-license
