Splunk

From Ever changing code

Splunk forwarder

Set up the splunk-forwarder agent on Linux

./splunk add  forward-server splunk.acme.com:9997 --accept-license --no-prompt -auth admin:changeme
./splunk list forward-server
./splunk set  deploy-poll    splunk.acme.com:8089
./splunk show deploy-poll
./splunk enable  listen 9997
./splunk display listen
./splunk set  servername <serverName|hostname>
./splunk show servername
./splunk set  default-hostname <serverName|hostname>
./splunk show default-hostname
./splunk enable boot-start
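
One way to confirm the result of the commands above is to read back the .conf files they write. The script below is an added example, not part of the original page; it assumes the settings land in $SPLUNK_HOME/etc/system/local, and the function names (conf_get, check_forwarder, make_sample) and the host name web01 are made up for illustration.

```shell
#!/bin/sh
# Added example: read back what the CLI steps should have written to
# $SPLUNK_HOME/etc/system/local (assumed location; app-level configs can override it).

# conf_get FILE STANZA KEY -> prints KEY's value from [STANZA]; empty if absent
conf_get() {
    [ -f "$1" ] || return 0
    awk -v stanza="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_s = ($0 == stanza); next }
        in_s && /^[ \t]*[^#=]+=/ {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
        }' "$1"
}

# check_forwarder LOCAL_DIR INDEXER:PORT DEPLOY_SERVER:PORT
# Prints findings; exit status is the number of failed checks.
check_forwarder() {
    dir=$1; fails=0
    fwd=$(conf_get "$dir/outputs.conf" "tcpout:default-autolb-group" server | tr -d ' ')
    ds=$(conf_get "$dir/deploymentclient.conf" "target-broker:deploymentServer" targetUri)
    name=$(conf_get "$dir/server.conf" general serverName)
    host=$(conf_get "$dir/inputs.conf" default host)
    case ",$fwd," in *",$2,"*) ;; *) echo "FAIL forward-server is '$fwd'"; fails=$((fails + 1)) ;; esac
    [ "$ds" = "$3" ] || { echo "FAIL deploy-poll is '$ds'"; fails=$((fails + 1)); }
    [ -n "$name" ] || { echo "FAIL servername not set"; fails=$((fails + 1)); }
    [ -n "$host" ] || { echo "FAIL default-hostname not set"; fails=$((fails + 1)); }
    # 'enable listen' adds a [splunktcp://PORT] input; report it so an open
    # receiving port on a send-only forwarder does not go unnoticed.
    port=$(sed -n 's|^\[splunktcp://:*\([0-9]*\)].*|\1|p' "$dir/inputs.conf" 2>/dev/null | head -n 1)
    [ -z "$port" ] || echo "NOTE receiving port $port is enabled"
    return "$fails"
}

# make_sample DIR: constructed sample files mirroring the commands on this page
make_sample() {
    printf '[tcpout]\ndefaultGroup = default-autolb-group\n\n[tcpout:default-autolb-group]\nserver = splunk.acme.com:9997\n' > "$1/outputs.conf"
    printf '[target-broker:deploymentServer]\ntargetUri = splunk.acme.com:8089\n' > "$1/deploymentclient.conf"
    printf '[general]\nserverName = web01\n' > "$1/server.conf"
    printf '[default]\nhost = web01\n\n[splunktcp://9997]\n' > "$1/inputs.conf"
}

# Run against a real forwarder when three arguments are given.
if [ "$#" -eq 3 ]; then check_forwarder "$@"; fi
```

Saved under a name of your choice, it takes the local config directory, the indexer and the deployment server as arguments, for example /opt/splunkforwarder/etc/system/local splunk.acme.com:9997 splunk.acme.com:8089 (the path is the usual default install location and is an assumption here).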