splunk
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| splunk [2023/12/22 07:32] – [Install Indexer / Heavy Forwarder] baumi | splunk [2024/01/11 09:41] (current) – baumi | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Splunk | + | ====== Splunk |
| - | ===== Install Indexer / Heavy Forwarder | + | ==== Install Indexer / Heavy Forwarder ==== |
| < | < | ||
| sudo useradd -m -d /opt/splunk -s /bin/bash -U splunk && \ | sudo useradd -m -d /opt/splunk -s /bin/bash -U splunk && \ | ||
| Line 9: | Line 9: | ||
| </ | </ | ||
| - | ===== Configure Receiver to receive data ===== | + | ==== Configure Receiver to receive data ==== |
| https:// | https:// | ||
| < | < | ||
| Line 18: | Line 18: | ||
| </ | </ | ||
| - | ===== Set-Up Forwarding | + | ==== Set-Up Forwarding ==== |
| https:// | https:// | ||
| < | < | ||
| Line 30: | Line 30: | ||
| sudo su -c "/ | sudo su -c "/ | ||
| </ | </ | ||
| + | ==== Forward to more than one destinations ==== | ||
| + | / | ||
| + | <file text outputs.conf> | ||
| + | [tcpout] | ||
| + | defaultGroup = group1, | ||
| + | indexAndForward = 0 | ||
| - | ===== Universal Forwarder | + | [tcpout: |
| + | disabled | ||
| + | server = receiver1: | ||
| + | |||
| + | [tcpout: | ||
| + | disabled = false | ||
| + | server = receiver2: | ||
| + | </ | ||
| + | |||
| + | ==== Universal Forwarder ==== | ||
| < | < | ||
| useradd -m -d / | useradd -m -d / | ||
| Line 39: | Line 54: | ||
| </ | </ | ||
| - | {{tag> | + | {{tag>kb linux splunk}} |
splunk.1703226763.txt.gz · Last modified: by baumi