01-’ 2,34)5’67879’ :;88?@AB>C

!"#$%&'()*+,-./01-'

2,34)5'67879'

:;<=5'>88?@AB>C<'DEF8='

GH"IJKLMN'!"#$%&O'P%Q7'R##'SKLMNT'SUTUJVUW'

ii

XY'!"#$%&'()*+,-./01-Z[\]^'777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'F!()*+,-./01-_`a'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'F!b*cdef777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'F!!"#$%&'1,gchijk()*+,-`a'77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'9!!"#$%& l(m)*nopq'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'6!()*+,-_En'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'r!

()*+,-_stuvwx'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'A!ylz+{|,d_}~'77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'A!�K%WH�T Z_()*+,-'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'A!�.)�l()��K%WH�T Z_()*+,-'777777777777777777777777777777777777777777777777777777777777777777777777777777777'F>!�K%$� Z_()*+,-'77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'Fr!!H#�JKT Z_()*+,-'77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'F?!��Q'�!Z()*+,-'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'>F!�JUU�!� Z_()*+,-'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'>6!RP� Z_()*+,-77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'>C!l(m)*_()*+,-'777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'>A!!"#$%& �*h+zy��){��0�,b4)_��'777777777777777777777777777777777777777777777777777777777777777777777777777'98!

!"#$%& _��'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'9>!!"#$%& _��'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'9>!

9767� �E_2,34)��_� '777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'96!678 ¡n� ¢£_¤¥¦'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'96!§¨P� n©ª«!"'777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'68!�K%WH�T n©ª«!"'777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'6F!!"#$%&'67� nv�¬� ¢«v'7777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'69!67�'!"#$%& ()*®)*¯°±�²��°³p¬²´µp¶'777777777777777777777777777777777777777777777777777777777777777777777'6·!

678 �¸��_1zy¹�,�'777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'6A!�K%WH�T º_ !"#$%& _1zy¹�,�'777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'6A!�K%$�»!H#�JKT»�JUU�!�»RP�»��Q�!º_ !"#$%& _1zy¹�,�'7777777777777777777777777777777777777777777777777'6?!

^_¼_®*h'77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'·F!!"#$%& �½_¾�¯¿-,+À,Á,��Â '77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'·F!!"#$%& _1)()*+,-'77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777'·>!�K%WH�T n()*+,-Ãn}~°�À,Á,_ÄÅ'777777777777777777777777777777777777777777777777777777777777777777777777777777'·6!*®)�1Æ)Ç 9767� �yÆ(È)+É,2,_ÊË'77777777777777777777777777777777777777777777777777777777777777777777777777777'··'

1

!"#$%&'()*+,-./01-Z[\]^''

()*+,-./01-_`a'

()*+,-./01-_`a'

ÌÍ¯»b*cdef»l(m)*ÎÏ»()*+,-vµ�n !"#$%& _.(¹�,b4)nopqÐÑ°¾¢¶'

Òe³ÎÏ�Ó¢'

ÌÔÕ-Ö×_XY�ØÙ¢«»¾�¯Úº_ÛÜÝzh*nÞß�àá°qâãnÛÜ°¾¢¶'

[äåæu³bçèéêë*+ylhc�*�ìä�píî¯»!"#$%&'GHïï$%KNI'�K&K ¬¼_À,Á,ð'!"#$%&'Pñ �ò_[\nØÙ°qp«��ó«]kð¬x¾¢¶'

b*cdef'

b*cdef'

!"#$%& ô{+_õö)Æ,�¾�¯()*+,-�Â ¢«En»É÷,+µøqp«b*cdnù¢«ef�Ñú¢«ûümhb4)�©ýþ²´µp¶ÿ!_èè,*n"#¢$x%&'nù¢«(¥óê(e)ð*ä¾°��»!"#$%&'!$""HJN ¾¬È,-°q²´µp¶¾�»+,_-.Æ,�.zy/(0²´µp¶'

1%2,34)_õö)Æ,�nopq¯õö)Æ,�2,3�(0²´µp¶3ì_µ�nÐ45þ67nopq_8°pÎÏ¯èè,*9,+�©ýþ²´µp¶

�yÆ(È)+n*��q_:,�ö;1<yl/)¹nù¢«=>nopq¯»!"#$%&'GHïï$%KNI'�K&Kn?@µøqp«Ì+Azh�(0²´µp¶'

BC�!'

! !"#$%& ¯»ûü_ylz+{|,dº¬(DÙEª¾¢¶'! !H#�JKT'?'F'F8'G�AC'F'!HRSGI'! �K%$�J,Õ- >7C7� ¡KL^ø�¸2,34)'G�ACI'! �JUU�!�'C7F'F'C7>'G�ACI'! �K%WH�T'>889'GC6MNKN»9>MNKN/É÷,+°qp«ð C6MNKN �OPI'! �K%WH�T'>88A'GC6MNKN»9>MNKN/É÷,+°qp«ð C6MNKN �OPI'! �K%WH�T�H'G9>MNKNI'! QKTN�'G9>MNKN'F'C6MNKNI''! ��Q�!�'F87·'G9>MNKNI'! RP�'·7>'F'·79'

2

§ñ�MA�R_�!º¬�){��0�,b4){S(-_:;kTU'

!"#$%& ¯»�){��0�,b4){S(-¯ R!GPP ¾�¯ §ñ�MA ¬:;µøqp«kOË°¾¢¶§ñ�MA �R_'

�!º¬�){��0�,b4){S(-�TU¾�¯:;¢«íî¯»�Ù¢«V��®ðR!GPP¾�¯§ñ�MA¬WX¢«[\nÊËµøqp«�ÒYZ[°q²´µp¶'

BC\löÁ'

! �KJU]H�'>'©[L'9787�'! P%NUJ%UN'^�"#HJUJ'r'©[L'A''! !�]�JK'9'

OP:,�ö;1'

!"#$%& ¯»_`'1yèa,b4)¬¢¶b;�yÆ(È)+�¢«n*�ä !"#$%& _cîde�Âf¢«£¯»gh»b;ijnÙp«:,�ö;1��Ùµø«]k�©Pk°¾¢¶^_£(DÙµø«:,�ö;1¯»ûünOP¢«:,�ö;1'álmnnî¾�¯]ø�º�«]k�ofk°¾¢¶'

p¥5'ò_ylz+{|,dº¬/2,ij-<.b)GQ�Iq,�¬ !"#$%& �Â ¢«íî¯»`'ðûðä¾¢¶'

OP�1r:,�ö;1gjÔbc�'

ylz+{|,d' OP:,�ö;1'á�){��0�,b4)' 1r:,�ö;1'á'

¿ �K%WH�T<ylz+{|,d'

>�' h1z��1 �UH%»9stu»As�' SR�»SRP�' 8'¾�¯ Fv8»C6wz+�!x@'

F�F76'stu'GH§»F's�'SR�'

�K%WH�T <ylz+{|,d'

>�' h1z��1 �UH%»9stu»As�' SR�»SRP�' 8'¾�¯ Fv8»C6wz+�!x@'

HU%NK$ï'6 ¾�¯yz_'>sMu»>s�'SR�'

p¥5'{|�Ùn !"#$%& �DÙµø«íî¯»1r:,�ö;1}(�l()n~�q²´µp¶!"#$%&��*h+zy»¾�¯9,+\zhº¬ØÙµø«íî¯»!"#$%& �*h+zy1yèa,b4)¾�¯�){��0�,b4)�ØÙ¢«]k�OP°¾¢¶'

�e5'{|�,õ��()*+,-n»()�zh*Ù_*2,*_¼n»1� >s�_:,��*h*2,*ðÒek³ä¾¢¶yl/)¹ÎÏnopq¯ !"#$%&'GHïï$%KNI _ �%H�#UWLU��TU [äÒe()�zh*É(�a�_O�nù¢«+Azh�(��²´µp¶'

�e5'!"#$%& nù¢«1ref¯»!"#$%& l(+{|�,õ()*®)*�R_��){��0�,b4)nnÙµø¾¢¶'

' '

3

!"#$%&l(+{|�,õnù¢«:,�ö;1ef'

#$ %&'()' 1.5Ghz+ *+,-./1GB+ RAM

01 1.0 Ghz *+,-./512MB RAM

�yÆ(È)+yl)nù¢«ÎÏ¯»!"#$%&'GHïï$%KNI'�%H�#UWLU��TU _�yÆ(È)+mhb4)�(��²´µp¶'

BC{S(-b*cd'

ylz+{|,d' {S(-b*cd'

�K%$�' U�N>�9»JUKTUJ9»��!'

!H#�JKT' §�!»��!»Q��!'

�JUU�!�' ��!»§�!'

��Q'�!'�' t�!'

RP�' ��!»��!>»¨�!'9�6'

�K%WH�T' ¨ñ�!»�Rñ9>'

p¥5'ºü�R_{S(-b*cd_�k�ò/É÷,+°qp¾¢¶ºün³p{S(-b*cd¬!"#$%& �Â ¢«k»locktestkp\*®,+1zyÀ,c�èc�ðÂ ¢«íîð*ä¾¢¶Locktest¯»*®,+1zy<yÆm*�c*+¢«yÆ¹ld¬¢¶�HQ&NUTN ð��µøq/Â °³píî¯»^_{S(-b*cdð !"#$%& _Â n�nÅ¬*«kó³µø¾¢¶'

p¥5'�JUU�!� ¬»%$##]T k°q.ö)+¢«]k¯É÷,+°qp¾��¶'

BCÉ,2,_:,�ö;11,gchij'

9> ©[L C6wz+1,gchijð��_ylz+{|,d�ªnÉ÷,+µøqp¾¢¶8�¯õö)Æ,�2,3�(��²´µp¶'

!"#$%&'1,gchijk()*+,-`a'

!"#$%&1,gchijk()*+,-`a'

yÆm*'

!"#$%& É,2,¯(�Ù_�*+º¬'splunkd'©[L'splunkweb'k�±ø« >oyÆm*�Â °¾¢¶'

! T"#$%&W'¯»��ÇG¾�¯GvvÉ,2,¬»*+è,�)¹ Pñ �,®Z_1hm*»µ�n��¾�¯()�zh*�Â °¾¢¶^øn#�ÛÜe�n/BC°¾¢¶Splunkd¯»��_Ô(yl()��q�,®�*+è,�)¹¢«]kn[ä��ê()�zh*�Â °¾¢¶�Ô(yl()¯��_yÆmzÉ�� ;µøqp¾¢¶'

" Ô(yl()¯»splunkdyÆm*`_b)¹-*�z�¬»^ø¡ø ��_b)¹-*/2z+¬ÊËµøqp¾¢¶'

4

" yÆmzÉ¯»{¢_£DÙ¤' G¾�¯Gvv&'¬»Ô(yl()�g°q Pñ�,®_*+è,dn:Ù°¾¢¶Ô(yl()¯g0,�¥¦°q§pn�,®�¨°îp¾¢¶Splunkd¯ÛÜê©ª«¬nÙp«�.)�l()()®{;,*QHïï�%WM#K%U'K%NUJ]�QU®�É÷,+°¾¢¶'

! !"#$%&�UN¯»QMUJJI7"I �¯n°� HINMH% ë,*_1yèa,b4)É,2,¬ !"#$%&'�UNÀ,Á,()®,{;,*�°±°¾¢¶À,Á,¯»!"#$%& É,2,nü²µø�Pñ �,®�ÛÜ°�äçw³,+°�ä»µ�n�UNÀ,Á,()®,{;,*�g°q!"#$%& _��ëÆyÈ)+´�ð �¾¢¶'

splunkweb'234'splunkd'567/S^!ñ89:�UN;<=>?@ABCDEF'

! splunkd¯¾�»�{|-+¬ !!��tññH!ðé)_µ¶¬÷,+·¸ A8A? ¬�UNÉ,2,�Â °¾¢¶'

! splunkweb¯»�{|-+¬ !!��tññH!ðé{_µ¶¬÷,+·¸ A888 ¬�UNÉ,2,�Â °¾¢¶'

¹º'

!"#$%& l(m)*nopq'

!"#$%&l(m)*nopq'

!"#$%& É,2,_()*®)*½nl(m)*_»¼ðÒe¬¢¶]_+Azh¬¯»�½ !"#$%& l(m)*_¾p»l(m)*_()*+,-k¿%_lÀ»l(m)*¾ÁðÂb°�£_BCnopqÐÑ°¾¢¶'

p¥5'�yÆ(È)+¢« !"#$%& ()*®)*½nl(m)*_ÃàðÒe¬¢¶'

5

l(m)*_½Ä'

!"#$%& n¯»ÅÆl(m)*kV)®,yl(�l(m)*_ >½Äð*ä¾¢¶V)®,yl(�¡_&'�ÇÙ°�píî¯»ÃàEndeÙ_V)®,yl(�l(m)*�(ÈÉ²´µp¶'

p¥5'!"#$%&'HJUVKU� èè,*¡�deµø«íî¯»^_ÃnÒe³l(m)*ð�¾øqp¾¢¶'

ÅÆl(m)*kV)®,yl(�l(m)*'

p¥5'!"#$%&'678 ��»ÊV)®,yl(�l(m)*GC8 <Ë��IðÌÍµø¾¢¶ÅÆl(m)*¯ÿ!_èè,*¬(DÙEª«ÎË¬¢¶'

�kq !"#$%& �õö)Æ,�¢«kx»Ï²¢«[\Ðµø¾¢¶Ï²¢«k»F<*�ä1Ñ ·88��_�,®�»äÒþ¤'³ÅÆl(m)*ðÌÍµø¾¢¶ÅÆl(m)*¯deÙl(m)*¬¯³p�k»�Ù��ÓÔð*ä¾��¶V)®,yl(�l(m)*¬¯»µ�nÕ²_a�_�,®�»äÒ�]kð¤'k³«¼n/ûü_&'ð(DÙEª¾¢¶'

! Ö×À,Á,1Jö)+k1hm*�)+Æ,-''! ��ÛÜk�,®-,c�)¹''! �yÆ(È)+´�''

V)®,yl(�l(m)*_ÃàEnºü_&'_ÇÙ�(ØÙ_íî¯»98 <Ë��_de¡V)®,yl(�l(m)*�(ÙÚ²´µp¶'

�l(m)*_ÛÜnù¢«8�¯]]�hèzh°q²´µp¶¾�»!"#$%&_ÅÆl(m)*y¥Í�©ýþ²´µp¶'

deÙV)®,yl(�l(m)*'

µ¾Ý¾³É(�©[L�ÙÓËn��ø�deÙV)®,yl(�l(m)*�()�Eª¾¢¶�{|-+deÓÔ¯ 98 <¬¢¶deÙl(m)*��ÙÃnl(m)*_ÓÔðÞøq/»!"#$%& ¯wxßx�,®�()�zh*°¾¢ð»%°pl(m)*ð()*+,-µø«¾¬ÛÜ¯(DÙEª¾��¶'

p¥5'!"#$%&'678 ��»_ÊV)®,yl(�l(m)*GC8 <Ë��IðÌÍµø¾¢¶ÅÆl(m)*¯ÿ!_èè,*¬(DÙEª«ÎË¬¢¶^_=¦��V)®,yl(�deÙl(m)*¯»(ÙÚn[ä(DÙ¤'k³ä¾¢¶'

y�w0,l(m)*'

!"#$%& _y�w0,èè,*n¯»¼_ !"#$%& èè,*k§à`�á�³p½½_l(m)*ðÒe¬¢¶µ�n»!"#$%& _y�w0,èè,*�deµø«Ë¯»ÅÆ¾�¯V)®,yl(�¡_l(m)*¬¯Â Eª¾��¶y�w0,l(m)*¯gh»V)®,yl(�¡_&'��n°»y�w0,èè,*_þkâÔµøqp¾¢¶'

' '

6

{|�,��)¹l(m)*'

!"#$%& É,2,_�()*®)*n¯^ø¡ønl(m)*ÃàðÒe¬¢¶!"#$%& n¯»{|�,õl(m)*ð�¾øqp¾¢¶]_l(m)*¯� !"#$%& {|�,õn()*+,-¢«Òeð*ä¾¢¶F<*�ä1Ñ F��_�,®_ãä_þ� \]_l(m)*¯»3Xl(m)*��åRµø¾��¶¾�»Ö×_{|�,õnnÙ¬x¾¢¶'

F7 ./splunk stop¬ !"#$%& �æç°¾¢¶''>7 $SPLUNK_HOME/etc/splunk-forwarder.license�$SPLUNK_HOME/etc/splunk.license

n�A,°¾¢¶'97 ./splunk start¬ !"#$%& �èé°¾¢¶'

]_l(m)*¯»(�Ù_.b)��{|�,�¬x«�,®�nâÔ¯*ä¾��¶'

l(m)*©[L�Ù�_©ª'

!"#$%&'�UN¾�¯�.)�l()()®,{;,*GG�PI¬(�Ù_l(m)*_8��(0Eª¾¢¶8°pl(m)*ÎÏn¯l(m)*®(y»()�zh*�ë-»l(m)*_��ÓÔ³ò_�êÎÏð�¾ø¾¢¶'

!"#$%&'�UN_l(m)*ÎÏ©ª'

!"#$%&'�UN¬(�Ù_l(m)*_8��ó«n¯»´�'ë'l(m)*�}~°¾¢¶ìl(m)*©[LDÙµíî_ûn*ä¾¢¶�Ùl(m)*nù¢«�êÎÏ_¼n»l(m)*_��<×»1Ñ()�zh*�Ù�G��©ªI»l(m)*¾Á_×³ò_8°pÎÏð(0n³ø¾¢¶'

p¥5']_2,3��/l(m)*_()*+,-ê¿%�(DÙEª¾¢¶'

G�P_l(m)*ÎÏ©ª'

G�Pn1hm*¤'³íî¯»ûü_Àï¬l(m)*nopq_8�ð(0Eª¾¢¶'

./splunk help show license

G�P¬/yð�ê8��©ª°¾¢¶µ�n»ñÎÓËG¾ÁÓÔI`nòól(m)*ða[¢«1Ñ¾Á×G1Ñ¾ÁI³ò_l(m)*µínù¢«ÎÏ/©ª°¾¢¶¾�»!"#$%&¯ô^�"KJ�NKH%'!N�NUô�©ª°q»�ÙÃ_l(m)*_ÓÔÞø¾¬_<×�r<¾�¯F<¬©ª°¾¢¶^ø�R¯ôH&ôk©ªµø¾¢¶'

l(m)*_()*+,-k¿%'

¢$q_!"#$%&É,2,¯»ÅÆl(m)*(splunk-free.license)¾�¯V)®,yl(�l(m)*(splunk.license)nùõ�Yl(m)*�$SPLUNK_HOME/etc/nöx¾¢¶G�P�DÙ°q»¾�¯!"#$%&'�UN_´�'ë'l(m)*2,3��l(m)*�()*+,-¾�¯¿%¬x¾¢¶!"#$%&l(m)*_()*+,-¾�¯¿%nù¢«Ñú¯´�./01-��÷°q²´µp¶'

7

678Z_� '

97�'!"#$%&()*®)*�øù678¡n� ¢«íî¯»!"#$%&�Â ¢«En$SPLUNK_HOME/etc/splunk.license{S(-�úå°q²´µp¶¢«k»^_*®)*¯678¡n�¾øqp«C8<ËV)®,yl(�¡+l(1-l(m)*�»¼°¾¢¶'

ûü»97�_V)®,yl(�l(m)*©[LÉ÷,+ýþð*«íî¯»¿%Ùl(m)*ð(DÙ¤'¬¢¶T"#$%&7QHïnÆ¹()°q»MNN"5��7T"#$%&7QHï�TNHJU�ïIHJWUJT��àv°q²´µp¶ûX_$SPLUNK_HOME/etc/splunk.license{S(-�%°p{S(-nöxà�«»¾�¯!"#$%&l(m)*_¿%nù¢«Ñú�(0²´µp¶'

��yÆ(È)+Ùl(m)*'

��ij¬!"#$%&�Ö×_�*+º¬Â ¢«íî¯»��*+nÿ�_l(m)*g,ðÒe¬¢¶]øÿ¾¬¢$q_�*+ny�_l(m)*g,��Ù°qp�íî¯»678¡¾�¯^ø�!_2,34)G67879¡�¸_V)®,yl(�deÙl(m)*�å²I¬¯Â µø¾��¶!"#$%&É÷,+n6pîõ�q»3X_l(m)*�Ö×g,n�!°q/�\»¾�¯!"#$%&"#¾¬È,-nq"#g,�(p$²´µp¶'

l(m)*¾Á'

�Ùl(m)*ð%¤¢«1Ñ()�zh*�Ù��&�«k¾ÁðÂb°¾¢¶�<_'Ë��&��íî¯»¾Á1l,+�(ª¾¢¶1l,+Èzm,3¯F6<Ëáß°¾¢¶98<ËÉ(h-¬·o�º_¾ÁðÂb°�íî¯»ÛÜ&'ðÅ�n³ä¾¢¶ÛÜ&'¯98<Ë¬Âb°�¾Áð·o�û_kx»¾�¯]ø¾¬[ä/�ÙÔ)_Ñxpl(m)*�%°²nÙ¢«k�*°¾¢¶'

GH: <I,JKLMBNSplunk5%OPIJ%-QKRSTUDVWF<I,JKXYRZ[\?'Q,K:]R;+-QUDEF

()*+,-_En'

()*+,-_En'

!"#$%&�()*+,-¢«En»ÒYb*cdef�Z[°»�Ù¢«b*cdnn°�()*+,-Ôza,3�õö)Æ,�°q²´µp¶'

!"#$%&��E_2,34)��1zy¹�,�¢«íî¯»^_En»+678¡n1zy¹�,�¢«£_¤¥=,ì-_ÎÏ�©ýþ²´µp¶'

8

()*+,-_stuvwx'

ylz+{|,d_}~'

ylz+{|,d_}~'

8°p()*+,-v¯û©��}~°q²´µp¶'

! �K%WH�T''! �K%WH�T �.)�l()ÑúÍ''! �K%$�''! !H#�JKT''! ��Q�!''! �JUU�!�''! RP�'

�K%WH�T Z_()*+,-'

�K%WH�TZ_()*+,-'

]_+Azh¯»s§P ()*+,l,�Ùp��K%WH�T Z_()*+,-vnopqÐÑ°¾¢¶�.)�l()�()*+,-��Ù¢«k»[äÕ²_()*+,-éyb4)GÉ(�)+()*+,-³òIð(DÙEª¾¢¶'

p¥5'678 �� 6787> _2,34)¬¯»�K%WH�T'R"" ¯»�""7QH%]{S(-¬�{|-+¬��nÊËµøqp¾°�¶67879 ¡��»]_{S(-¬�{|-+¬Å�nÊËµøqp¾¢¶�û_�eÎÏ�©ýþ²´µp¶'

! 678 �� 6787> _2,34)� 67879 �¸_2,34)n1zy¹�,�¢«k»�K%WH�T'R"" ¯¿%E_��/Å�n°¾¢¶'

! 67879 �¸_2,34)�%'n()*+,-¢«k»�K%WH�T'R"" ¯�{|-+¬�!P¥¦¬��nÊËµø¾¢¶Å�¬()*+,-¢«íî¯»!H�§¨�.RHH'ïTKU�UQ �.)��Ù°q+�.)�l()��K%WH�T Z_()*+,--_Ñún~�q/Ë°¾¢¶'

�e5'!"#$%& _ 9>wz+2,34)� C6wz+ylz+{|,d_�K%WH�T ¬Â °³p¬²´µp¶¤'³Ôä C6wz+_ !"#$%&'¯ C6wz+:,�ö;1Â °q²´µp¶9>wz+2,34)¬�Ù¢«íîk0$q`'ð¯«�n12µø¾¢¶'

SplunkR^"E\_O>O:`a

!"#$%&'�K%WH�T ()*+,l,�Â ¢«k»!"#$%& �Â ¢«À,Á,�}3éyb4)ð4��ø¾¢¶'

9

!"#$%& � �HQ�#'!ITNUïÀ,Á,¬()*+,-¢«k»Æ,J-.b)n*«�e³ÎÏ_�q¾�¯�5��n1hm*ð¤'¬¢¶Á6»�HQ�#'!ITNUïÀ,Á,¯»¥ºun¼_�K%WH�T .b)nB°qÛ7�á�³p[\�Á()µøqp¾¢¶^VU%N'�HLT ê��P ��q¼_.b)_Ô{|,.)*Jö)®�ýþÒ�»¾�¯Æ¹{S(-Ù_Õz+�,h8��ýþÒ�ÎËð*«íî¯»�È()1Jö)+�»¼¢«Òeð*ä¾¢¶^_1Jö)+¯Æ,J-´�9¾�¯yz¬*ä»!"#$%& n4��pR��,®Z_7DðÒe¬¢¶!"#$%& n4�«7Ôð�úZ³íî¯»1Jö)+½n:,_�K%WH�T �È()´�9n(;<²´µp¶'

> o_ !"#$%& É,w*n1�ÔÒe³7Ô'

T"#$%&WÉ,w*nÒe³À,Á,7D5'

! !"#$%& ()*+,-��h+èZ_{-�)+Æ,-''! {lz+{S(-Z_ýþÒþ1hm*''! É,w*k°qÆ¹é)¢«%¤''! 2zi34\k°qÆ¹é)¢«%¤''! yÆm*�ë-+,h)_öxà�''! é2�,c�)¹b*cd_��k°q&'¢«%¤''! +l2,*i;zh�2(Ô*¢«%¤'

!"#$%&�UNÉ,w*nÒe³À,Á,7D5'

! !"#$%& ()*+,-��h+èZ_{-�)+Æ,-''! É,w*k°qÆ¹é)¢«%¤'

�e5()*+,-!»!"#$%& �Â ¢«À,Á,�=¿¢«íî¯»ÒYÊË°�À,Á,ðÒe³%¤�>á°qp«]k»µ�nÀ,Á,ð$SPLUNK_HOME/var��h+èZ_{-�)+Æ,-�ZW°qp«]k�Z[°q²´µp¶'

�kq()*+,-¢«£nË¾��À,Á,?�/Ë°�íî'

()*+,-_£n@��À,Á,�ÛË°q°¾��íî¯»^ø�A�« >o_÷zy1zyVl,Èzm,3ð©ªµø¾¢¶()*+,-�BC°�!»ù�/ªn~�qÅ°pÀ,Á,nÄÅ°q²´µp¶ÒY !"#$%& ��¢«En �q²´µp¶'

s§P()*+,l,��'!"#$%&'_()*+,-'

�K%WH�T ()*+,l,¯�!P {S(-n*ä¾¢¶'

F7 ()*+,l,��¢«n¯»splunk.msi{S(-�õ\-hèzh°¾¢¶'

DEÔÕ-ð©ªµø¾¢¶'

>7 ()*+,-�èé¢«n¯»YZ�hèzh°¾¢¶'

10

p¥5'F6º_YZ�hèzh¢«kY_F6nGþ»H«�hèzh¢«kE_F6nHä¾¢¶'¾�gj)m-�hèzh¢«k()*+,l,ðgj)m-µø¾¢¶'

l(m)*F6ð©ªµø¾¢¶'

97 l(m)*ýþÍ�ýþ»ôl(m)*ýþo,ny¥¢«ô�}~°¾¢¶YZ�hèzh°q()*+,-�ß °¾¢¶'

IJÎÏF6ð©ªµø¾¢¶'

67 Òe³8��àá°q��»YZ�hèzh°¾¢¶'

��K{|-õF6ð©ªµø¾¢¶'

p¥5'!"#$%& ¯»�{|-+n[ä\Program Files\Splunkn()*+,-µø¾¢¶'

·7 =¿�hèzh°q»!"#$%& �()*+,-¢«½_í>�/Ë¢«»¾�¯YZ�hèzh°q�{|-+�(L°¾¢¶'

Æ¹é)ÎÏF6ð©ªµø¾¢¶'

!"#$%& ¯»>o_�K%WH�T É,w*»'T"#$%&W'©[L'T"#$%&�UN'�()*+,-©[LÂ °¾¢¶]_É,w*¯»]_F6¬/Ë°�À,Á,¬()*+,-©[LÂ µø¾¢¶Æ,J-b*cdMú¬!"#$%& �Â ¢«»¾�¯ÛË_1Jö)+�/Ë¢«�ð}~¬x¾¢¶1Jö)+¯»¼_.b)��,®�NU¢«íî¯»+Ob(cde:fghi7jklmnIJfX:opqrsBEF

!"#$%& �Â ¢«À,Á,n¯ûü�Â ¬x«7ÔðÒe¬¢¶'

" É,w*k°qÂ ¢«''" OPÙ_ÊË{S(-�ýþÒ�''" `'¾�¯¼_��P �,®�NU¢«''" !"#$%& _��h+ènÍxÒ�''

p¥5Æ,J-b*cdÀ,Á,k°q()*+,-¢«íî»��_Õz+�,hèô,*� !"#$%& 1yèa,b4)[ä(DÙEª³píîð*ä¾¢¶¾�»��P èq,+[M¯&'°¾��¶]_À,Á,¯ %$##Mú�áo�k»gh�K%WH�T É,2,¯^_[\³ùß�Å�k°¾¢¶��P ¬¤'kµø�Æ,J-�,®_NU_þ(DÙ¤'¬¢¶/Ë¢«À,Á,ð�úZ³íî¯»:,_b*cd´�9n(;<²´µp¶'

C7 À,Á,®(y�}~°q»YZ�hèzh°¾¢¶'

�e5'��¾�¯¿%¢«íî»]_ÎÏ¯»èè,*Ë¬Q�unRSµø³p�k»!"#$%& �Â ¢«À,Á,�£/Ë¢«Òeð*ä¾¢¶'

Æ,J-b*cdÀ,Á,�/Ë°�íî¯»*czy AnGþ¾¢¶^ø�R_íî¯»Æ¹é)ÎÏ5'À,Á,?kÔ*�,��àáF6ð©ªµø¾¢¶'

r7 À,Á,?kÔ*�,��/Ë°q()*+,-°»!"#$%& ��°q��»YZ�hèzh°¾¢¶'

11

p¥5'3X_À,Á,��Ù¢«íî¯»À,Á,?K©[L�È()8��àá¾�¯��¬x¾¢¶!"#$%& ¯»��TÝ®)�U°q��³À,Á,�}~°q²´µp¶^_À,Á,ðmg0èc��)ch*+nXü°³p»¾�¯À,Á,?�@�qàá°��knÀ,Á,�\lö�¬x³pk»()*+,-nVW°¾¢¶��³À,Á,?©[LÔ*�,�³°¬ !"#$%& ��¢«]k¯¬x¾��¶o¾ä»��¢« X¬À,Á,ðÅ°p]k�Z[°qp¾¢¶'

()*+,-EÉ.è,F6ð©ªµø¾¢¶'

A7 ()*+,-�hèzh°qKnGþ¾¢¶'

()*+,l,�Â °»()*+,-BCF6ð©ªµø¾¢¶'

YZ5'()*+,-v¬Ë¾��À,Á,�/Ë°q°¾��íî¯»^ø�Ñú¢«÷zy1zyVl,ð >o©ªµø¾¢¶]øðÂb¢«k»!"#$%& ¯�{|-+¬Æ,J-b*cdÀ,Á,¬()*+,-°¾¢¶'

]_íî !"#$%& ¯»Q�un��µø¾��¶()*+,-_1[F6¾¬Gþ»¢$q_Ýzh*�i;zh°�¾¾n°¾¢¶^_!»nÞ³/ªn~�q»!"#$%& ��¢«EnÅ°pÀ,Á,nÞä\�q²´µp¶'

?7'^_!»!"#$%&��k!"#$%&'�UN��_Ýzh*�i;zh°¾¢¶BC�hèzh°¾¢¶'

()*+,-ðBC°»!"#$%&'ð��°q»É÷,+¢«\löÁ�� !"#$%&'�UNðèé°¾¢¶''

p¥5'()*+,-!»�kq Splunk Webn1hm*¢«kx¯»%tu(v_O>Ow admin kÔ*�,�'changeme ¬Æ¹()°¾¢¶'

�UN\löÁ��!"#$%&èé'

�Ù.b)¬ !"#$%& ��°�!n !"#$%&'�UNn1hm*¢«íî¯»'

! *®,+ëyÆ¹ldë!"#$%&'_n !"#$%& 1(�)�hèzh°¾¢¶'

¾�¯'

! �UN;<=>Rxyz/http://localhost:80007!{UDEF''

�{|-+__O>Ow admin'kÔ*�,�'changeme ¬Æ¹()°¾¢¶¤'³Ôä]pst¬»´�9Ô*�,��=¿°»^ø�ÈqÍxWX°q²´µp¶'

]ø¬ !"#$%& ��Ù¢«^_ð`p¾°�¶!"#$%& _�pÀnopq¯»À,Á,./01-��÷n°q²´µp¶'

!"#$%&'�UN'D|5'T"#$%&W'.O}K~Ov:��'

!"#$%&'�UNÉ,w*¾�¯ T"#$%&W É,w*�½_÷,+¬�Ù¢«íî¯»�{|-+�=¿°¾¢¶''

! T"#$%&'�UN'É,w*÷,+�=¿¢«íî'

$SPLUNK_HOME/bin/'��h+è¬»splunk set web-port #### �Â °¾¢¶

12

! T"#$%&W'É,w*÷,+�=¿¢«íî''

$SPLUNK_HOME/bin/'��h+¬»splunk set splunkd-port ####'�Â °¾¢¶'

P^abmg0èc�_÷zy1zy_cç'

P^abmg0èc�_÷zy1zy�cç¢«n¯»ûü_§S� � P^`_()+lÕz+¹-,y¾�¯B�ndÉ_öª«¹-,y_þn"#°¾¢¶'

! e$KQ&WJ��7T"#$%&7QHï''! �Ù¢« !"#$%& ()*®)*_§S�''

l(m)*_()*+,-¾�¯¿%'

!"#$%& �%°²()*+,-¢«»¾�¯½_l(m)*®(ynÞä\�«íî¯»ÒYl(m)*�()*+,-¢«»¾�¯¿%°³ªø±³ä¾��¶'

!"#$%&_1)()*+,-'

!"#$%& �1)()*+,-¢«n¯»�)+Æ,-ÔÕ-_yÆ¹ld_"#kúåéyb4)��Ù°¾¢¶''

�.)�l()��K%WH�T Z_()*+,-'

�.)�l()��K%WH�TZ_()*+,-'

]_+Azh¯»�.)�l()��Ù°q !"#$%& ��K%WH�T n()*+,-¢«vnopqÐÑ°¾¢¶'

�e5'!"#$%&9>wz+2,34)¯ C6wz+ylz+{|,dº_�K%WH�T ¬Â °³p¬²´µp¶¤'³Ôä»C6wz+:,�ö;1¬ C6wz+_ !"#$%& �Â °q²´µp¶9>wz+2,34)��Ù¢«íîk0$q`'ð¯«�n12µø¾¢¶'

p¥5''678 �� 6787> _2,34)¬¯»�K%WH�T'R"" ¯»�""7QH%]{S(-¬�{|-+¬��nÊËµøqp¾°�¶67879 ¡��»]_{S(-¬�{|-+¬Å�nÊËµøqp¾¢¶�û_�eÎÏ�©ýþ²´µp¶'

! 678 �� 6787> _2,34)� 67879 �¸_2,34)n1zy¹�,�¢«k»�K%WH�T'R"" ¯¿%E_2,34)_��/Å�n°¾¢¶'

! 67879 �¸_2,34)�%'n()*+,-¢«k»�K%WH�T'R"" ¯�{|-+¬�!P¥¦¬��nÊËµø¾¢¶Å�¬()*+,-¢«íî¯»!H�§¨�.RHH'ïTKU�UQ �.)��Ù°q]_+Azh¬!fµø«Ñún~�q/Ë°¾¢¶'

' '

13

!"#$%&�Â ¢«À,Á,_}~'

!"#$%&'�K%WH�T ()*+,l,�Â ¢«k»!"#$%& �Â ¢«À,Á,�}3éyb4)ð4��ø¾¢¶'

!"#$%& � �HQ�#'!ITNUïÀ,Á,¬()*+,-¢«k»Æ,J-.b)n*«�e³ÎÏ_�q¾�¯�5��n1hm*ð¤'¬¢¶Á6»�HQ�#'!ITNUïÀ,Á,¯»¥ºun¼_�K%WH�T .b)nB°qÛ7�á�³p[\�Á()µøqp¾¢¶^VU%N'�HLT ê��P ��q¼_.b)_Ô{|,.)*Jö)®�ýþÒ�»Æ¹{S(-Ù_Õz+�,h8��ýþÒ�ÎËð*«íî¯»�È()1Jö)+�»¼¢«Òeð*ä¾¢¶^_1Jö)+¯Æ,J-´�9¾�¯yz¬*ä»!"#$%& n4��pR��,®Z_7DðÒe¬¢¶!"#$%& n4�«7Ôð�úZ³íî¯»1Jö)+½n:,_�K%WH�T �È()´�9n(;<²´µp¶'

> o_ !"#$%& É,w*n1�ÔÒe³7Ô'

T"#$%&W É,w*nÒe³À,Á,7D5'

! !"#$%& ()*+,-��h+èZ_{-�)+Æ,-''! {lz+{S(-Z_ýþÒþ1hm*''! É,w*k°qÆ¹é)¢«%¤''! 2zi34\k°qÆ¹é)¢«%¤''! yÆm*�ë-+,h)_öxà�''! é2�,c�)¹b*cd_��k°q&'¢«%¤''! +l2,*i;zh�2(Ô*¢«%¤'

!"#$%&�UNÉ,w*nÒe³À,Á,7D5'

! !"#$%& ()*+,-��h+èZ_{-�)+Æ,-''! É,w*k°qÆ¹é)¢«%¤'

�e5'()*+,-!»!"#$%& �Â ¢«À,Á,�=¿¢«íî¯»ÒYÊË°�À,Á,ðÒe³%¤�>á°qp«]k»µ�nÀ,Á,n$SPLUNK_HOME/var��h+èZ_{-�)+Æ,-ð*«]k�Z[°q²´µp¶'

()*+,-_£n@��À,Á,�/Ë¢«k !"#$%& ¯»��°¾��¶]øðÂb°�íî !"#$%& ¯»�{|-+¬Æ,J-b*cdÀ,Á,k°q()*+,-°¾¢¶ÒY !"#$%& ��¢«EnnÞ³/ªn~�qÅ°pÀ,Á,nÄÅ°q²´µp¶'

�.)�l()��!P_�pÀ'

�û�àá¢«k�.)�l()¬�!P ��q !"#$%& ��K%WH�T n()*+,-¬x¾¢¶'

msiexec.exe /i Splunk.msi

]_mhb4)¯»]_g:n�Ù¤'³{l¹��0°»^_ÊË>�p²o�hi°¾¢¶'

ûü�/Ë¬x¾¢¶'

14

! ()�zh*¢«G°³pI�K%WH�T (ë)+Æ¹'! OP¢«�K%WH�T �3*+è:(\'! »äj¢��P ÎÏ'! !"#$%& �Â ¢«À,Á,G/Ë¢«À,Á,ðnÞ³7Ô�ák»!"#$%& n()�zh*µ�«�)c)+n1hm*ð*«]k�Z[¢«I¶'

! !"#$%& ¬��n¢«1yèa,b4)n�¾ø��){��0�,b4)G!"#$%& l(+{|�,õ³òI'

! ()*+,-BC!n !"#$%& �Q��¢«�ò\�'

p¥5'()*+,-!»�kq !"#$%&'�UNn1hm*¢«kx¯»%tu(v_O>Ow admin'kÔ*�,�'changeme'�ÙpqÆ¹()°¾¢¶'

BC{l¹'

�.)�l()��Ù°q !"#$%& ��K%WH�T n()*+,-¢«kxn�Ù¤'³{l¹_�0��ûnª°¾¢¶'

]_{l¹¯»()*+,-¢«��h+è�/Ë°¾¢¶�{|-+¯»c:\program files\splunk¬¢¶'

! P¨!ñR��PSlm��h+è_Ô*ë''

]_{l¹¯»splunkd'©[L'splunkweb'ð�Ù¢«nõä_÷,+�/Ë°¾¢¶'

! !H�§¨��.H�Sñlm÷,+·¸ë''! �^�.H�Sñlm÷,+·¸ë''

]_{l¹¯»!"#$%& ð*«ÛË_�K%WH�T (ë)+Æ¹�()�zh*¢«�o��/Ë°¾¢¶''

! �P¨^Q^¨ñ��sRHHGt^G�lF�8O'�{|-+¯ H]]''! �P¨^Q^¨ñ��s!^GGt^G�lF�8O'�{|-+¯ H]]''! �P¨^Q^¨ñ��s!p!Gt^G�lF�8O'�{|-+¯ H]]''! �P¨^Q^¨ñ��s��Gt^G�lF�8O'�{|-+¯ H]]'! �P¨^Q^¨ñ��s!^ñGt^G�lF�8O'�{|-+¯ H]]'

]_{l¹¯»!"#$%& ð�K%WH�T �3*+è§!^S:(\�()�zh*¢«�o��/Ë°¾¢¶�{|-+¯'8'Gé{I'¬¢¶'

! S^sP!ñSpGt^G�.§lF�8''! S^sP!ñSpGt^G�.�R!^�P¨^.§lF�8''

]_{l¹¯»!"#$%& ð�K%WH�T �3*+è �HQ�#��QMK%U:(\�()�zh*¢«�o��/Ë°¾¢¶�{|-+¯'8'Gé{I'¬¢¶'

! S^sP!ñSpGt^G�.��lF�8''! S^sP!ñSpGt^G�.�R!^�P¨^.��lF�8''

15

]_{l¹¯»()�zh*¢«��P`'ÎÏ�/Ë°¾¢¶�{|-+¯'8'Gé{I'¬¢¶'

! ��PGt^G�.GH§ñP�^lF�8''! ��PGt^G�.��GR��P!�lF�8''! ��PGt^G�.�S^^�P!�lF�8''! ��PGt^G�.�^��SplF�8''

]_{l¹¯»!"#$%& �Â ¢«À,Á,�/Ë°¾¢¶É÷,+µø«q¯»�HQ�#!ITNUï À,Á,ð F»^_¼_À,Á,¯ >¬¢¶�{|-+q¯ F¬¢¶'

! S�s.��s�¨.P¨��.§!^S.G�¨ñ^�ñlF�>''

]_{l¹¯»S�s.��s�¨.P¨��.§!^S.G�¨ñ^�ñ n/Ëµøqp«À,Á,n�È()�À,Á,?©[LÔ*�,�ÎÏ�°±°¾¢¶ôWHï�K%r$TUJ%�ïUô{|,.z+¬¯ÒY»À,Á,?k8n�È()//Ë°¾¢¶'

! P!.¨^ñ.RHP.��s�¨.§!^S¨R�^lôm�È()rÀ,Á,?ëô''! P!.¨^ñ.RHP.��s�¨.HR!!��S�lômÔ*ëô''

]_{l¹¯»!"#$%& 1yèa,b4)n�¾ø«�){��0�,b4)� !"#$%& n()*+,-¢«��/Ë°¾¢¶ûüm!"#$%&R""ë�É÷,+¢«éyb4)¯»!"#$%&�KLMN�HJ��JWUJ»!"#$%&�HJ��JWUJ»!"#$%&�UT&NH" ¬¢¶'

{|�,õnù¢«8°pÎÏ¯ !"#$%& {|�,õ©[Ll(+{|�,õ��){��0�,b4)nopq_ÐÑ��°q²´µp¶]]¬»!"#$%& {|�,õ¾�¯l(+{|�,õ_òk��/Ë¢«_¬*ø±»��S�RS�.!^SQ^SlômTUJVUJ5"HJNëô//Ë¢«Òeð*ä¾¢¶'

! !H�§¨�.RHHlm!"#$%&R""ë''

!"#$%& _�*h+zy1yèa,b4)_�){��0�,b4)¯»�K%WH�T n()*+,-¢«£»�{|-+¬Å�nµøqp¾¢¶()*+,-BC!»SPLUNK.RHH{l¹¬½_1yèa,b4)�/Ë¢«»¾�¯ !"#$%&�UT&NH" 1yèa,b4)��n°q=¿¬x¾¢¶�²1yèa,b4)³°¬ !"#$%& �()*+,-¢«n¯»qns//Ë�Yn]_{l¹�/Ë°¾¢G'SPLUNK_APP=ôô'I¶'

!"#$%& {|�,õ¾�¯l(+{|�,õ_pYø��n¢«�kn !H�§¨�.RHH��Ù¢«íît_þt»]_{l¹��p¾¢¶]_{|�,õð�,®�äd¢«K_ !"#$%& É,2,_É,2,k÷,+�/Ë°¾¢¶'

! ��S�RS�.!^SQ^SlômTUJVUJ5"HJNëô''

]_{l¹¯»()*+,-BC!n !"#$%& �Q�un��¢$x�o��/Ë°¾¢¶�{|-+q¯»F'Gé)I'¬¢¶'

! �R§¨Gt!H�§¨�l8�F'

�e5'!"#$%& {|�,õ��n¢«k»!"#$%& ¯Q�un��°¾¢¶]ø�Å�n¢«]k¯¬x¾��¶'

16

É(�)+()*+,-'

Åu¬()*+,-�Â ¢«n¯»()*+,-�.)�$vw_1!n/quiet�#�¾¢¶:,b*cdð»§RGG=¢�{|-+¬é)nÊËµøqp«I�Â ¢«íî¯»ÒY´�9¬()*+,-°q²´µp¶^_�kn¯»QïWyÆ)y+�èp�£»Úhèzh°q»ôxy9k°qÂ ô�}L¾¢¶Yn QïWF6��»É(�)+()*+,-�.)��Â °¾¢¶'

>'

�ûn{l¹�ØÙ°�>�p²o�hi°¾¢¶'

!"#$%&�Æ,J-b*cdÀ,Á,k°qÂ ¢«�k_()*+,-'

msiexec.exe /i Splunk.msi RBG_LOGON_INFO_USER_CONTEXT=1

À,Á,ðz¢«À,Á,?k�È()_/Ë'

msiexec.exe /i Splunk.msi SPLUNK_APP="SplunkForwarder" RBG_LOGON_INFO_USER_CONTEXT=2 IS_NET_API_

!"#$%&�HJ��JWUJ��n°»�K%WH�T'!ITNUï(ë)+Æ¹_()�zh*�Å�n°qÉ(�)+q,�¬()*+,l,�Â '

msiexec.exe /i Splunk.msi SPLUNK_APP="SplunkForwarder" FORWARD_SERVER="<server:port>" WINEVENTLOGSYSCHECK=

"<server:port>ô¯»]_.b)ð�,®�ä{¢«K¬*« !"#$%& É,2,_É,2k÷,+_í>�ª°¾¢¶'

�UN\löÁ��!"#$%&��'

�Ù.b)¬ !"#$%& ��°�!n !"#$%&'�UNn1hm*¢«íî¯»'

! *®,+ëyÆ¹ldë!"#$%&'_n !"#$%& 1(�)�hèzh°¾¢¶'

¾�¯'

! �UN;<=>Rxyz/http://localhost:80007!{UDEF'

�{|-+__O>Ow admin'kÔ*�,�'QhangeïU'�ÙpqÆ¹()°¾¢¶¤'³Ôä]p=Ón´�9Ô*�,��=¿°»^ø�ÈqÍxWX°q²´µp¶'

]ø¬ !"#$%& ��Ù¢«^_ð`p¾°�¶À,Á,./01-��÷n°q»!"#$%& �(ØÙûµp¶'

!"#$%&�*h+zy1yèa,b4)_ÊË'

!"#$%& ��K%WH�T .b)n()*+,-¢«k»!"#$%& �*h+zy1yèa,b4)_ÊË¯�{|-+¬Å�¬¢¶!"#$%& �*h+zy1yèa,b4)_ÊËnù¢«8��(Z[²´µp¶]_+Azh¬Ef°�k©ä»nÞ³�.)�l()()*+,-{l¹�Ùpø±�{|-+¬]_1yèa,

17

b4)��n¢«]kð¬x¾¢¶'

P^abmg0èc�_÷zy1zy_cç'

P^abmg0èc�_÷zy1zy�cç¢«n¯»P^`_()+lÕz+¹-,y¾�¯B�ndÉ_öª«¹-,y_þnûü_§S� �"#°¾¢¶'

! e$KQ&WJ��7T"#$%&7QHï''! �Ùµøqp« !"#$%& ()*®)*_§S�''

l(m)*_()*+,-¾�¯¿%'

!"#$%& �%°²()*+,-¢«»¾�¯½_l(m)*®(ynÞä\�«£¯»ÒYl(m)*�()*+,-¢«¾�¯¿%°³ªø±³ä¾��¶'

!"#$%&_1)()*+,-'

! !"#$%& �1)()*+,-¢«n¯»�)+Æ,-ÔÕ-_yÆ¹ld_"#kúåéyb4)��Ù°¾¢¶''

! ¾�»�.)�l()�� msiexec/Â ¬x¾¢¶'

�K%$� Z_()*+,-'

�K%$�Z_()*+,-'

SH�¾�¯�^�Ôza,3»µ�n®,Ý,-�Ùpq �K%$� n !"#$%& �()*,-¬x¾¢¶'

SUWt�N¬SH��()*+,-'

�{|-+��h+è_/opt/splunkn !"#$%&'SH��()*+,-¢«íî'

rpm -i splunk_package_name.rpm

½_��h+èn !"#$%& �()*+,-¢«n¯»MMprefix{l¹��Ù¢«íî'

rpm -i --prefix=/opt/new_directory splunk_package_name.rpm

SH��Ùpq¢¬n()*+,-µøqp« !"#$%& �¿%¢«íî'

rpm -U splunk_package_name.rpm

½_��h+èn¢¬n()*+,-µøqp« !"#$%& �¿%¢«n¯»MM"JU]K� {l¹��Ù¢«íî'

rpm -U --prefix=/opt/new_directory splunk_package_name.rpm

&KQ&TN�JN �ÙpqQ�unSH�()*+,-�Â ¢«íî¯»ûü� &KQ&TN�JN {S(-n"#°¾¢¶'

./splunk start --accept-license

./splunk enable boot-start

p¥5'> X¯ &KQ&TN�JN {S(-Ù_éyb4)¬¢¶'

18

�UNK�%¬�^��()*+,-'

!"#$%&'�^�Ôza,3�()*+,-¢«íî'

dpkg -i splunk_package_name.deb

p¥5'!"#$%&'�^�Ôza,3¯�{|-+Æa,b4)_/opt/splunk_þn()*+,-¤'¬¢¶'

®,Ý,-_()*+,-'

�K%$� b*cdn !"#$%& �()*+,-¢«n¯»nÞ³��h+èZ®,Ý,-�ab°¾¢¶�{|-+()*,-��h+è¯/opt/splunk¬¢¶'

®,Ý,-�Ùpq()*+,-¢«íî'

! !"#$%& ¯»splunkÀ,Á,�Q�:;°¾��¶!"#$%& �ÛË_À,Á,¬Â ¢«íî¯»ÒYv�¬^_À,Á,�:;°q²´µp¶'

! ()�zh*�|á°�¾¾¿}~Ýè0,d�,®�Wá¢«íî¯»��*hÔ,c�b4)n��³a�ð*«�Z[°q²´µp¶'

()*+,-_`a_Z['

!"#$%& Ôza,3µ¶'

dpkg --status splunk

�Ôza,3_è*+'

dpkg --list

!"#$%&_��'

!"#$%& ¯Æ,J-b*cd¬À,Á,�/Ë°qÂ ¬x¾¢¶!"#$%& �¿-,+_O>OB^"E\��5/!"#$%& n/Ë°�àá_ýþÒþnnÞ³7Ôð4��øqp«�(Z[²´µp¶¿-,+_O>O?Uz !"#$%& �Â ¢«�k_8�¯ÑúÍ��÷°q²´µp¶'

�.)�l()()®{;,*�i !"#$%& ��¢«íî¯»ûü_�.)��Â °¾¢¶'

$SPLUNK_HOME/bin/splunk start

ÌÍ¬¯�û�ØÙ°¾¢¶'

! $SPLUNK_HOME¬»!"#$%& ()*+,-Z_Ô*�Z[°¾¢¶''! $SPLUNK_HOME/bin/¬»�.)�l()()®{;,*_í>�©ª°¾¢¶'

��éyb4)'

%°²()*+,-°�!»!"#$%& ��kq��¢«kx¯»l(m)*ýþo,ny¥¢«Òeð*ä¾¢¶!"#$%& _��kl(m)*ýþ_y¥¯ F�¬ �¾¢¶'

$SPLUNK_HOME/bin/splunk start --accept-license

p¥5'accept-licenseéyb4)_En¯õzb0ð >o*ä¾¢¶'

19

!"#$%&'�UN_èékÆ¹()'

!"#$%& ��°ql(m)*ýþny¥°�!n�û� p¾¢¶'

F7 \löÁF6[ä»http://<hostname>:port�� !"#$%&'�UNZ1hm*°¾¢¶'! Hostname¯»�*+.b)¬¢¶''! PorN ¯»()*+,-¬/Ë°�÷,+¬¢G%tu(v~Ov·¸¯»A888I¶'

>7 ÅÆl(m)*¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏ�àá°³²q/ !"#$%&'�UNð��°¾¢¶V)®,yl(�¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏG�{|-+»À,Á,? admin

kÔ*�,� changemeI�àá°q�� !"#$%&'�UNð��µø¾¢¶'

!"#$%&_1)()*+,-'

Æ,J-Ôza,3´��.)��DÙ°q»!"#$%& �1)()*+,-°¾¢¶�k�ò_íî»1�nÔza,3��()*+,-µø³��{S(-¯|áµø¾¢¶]ø�_{S(-n¯()*+,-��h+èn*«�){��0�,b4)ê()�zh*nù¢«{S(-ð�¾ø¾¢¶'

Ôza,3´��.)�ð�Ù¬x³píî¯»!"#$%& _�)÷,Õ)+_v�1)()*+,-nopq_ÑúÍn~�q²´µp¶'

SUWt�N'�K%$�'

SUWt�N ¬ �K%$� �1)()*+,-¢«íî'

rpm -e splunk_product_name

�UNK�%'�K%$�'

�UNK�% ¬ �K%$� �1)()*+,-¢«íî'

dpkg -r splunk

��G�){��0�,b4){S(-��q�úåI'

dpkg -P splunk

!H#�JKT Z_()*+,-'

!H#�JKTZ_()*+,-'

]_+Azh¯ !H#�JKT Z !"#$%& �()*+,-¢«vnopqÐÑ°¾¢¶''

!"#$%&_()*+,-'

H�s{S(-¾�¯®,Ý,-k°q !H#�JKT � !"#$%& Z()*+,-¬x¾¢¶'

H�s{S(-_()*+,-'

20

H�s()*+,-Ôza,3n¯»!"#$%& �()*+,-¢«Enp²o�_�6n��«[\Ð¢èhV*+{S(-ð�¾øqx¾¢¶''

pkgadd -d ./splunk_product_name.pkg

DÙ¤'³Ôza,3ð�0©ªµø¾¢¶'

! ��¢«Ôza,3�}~°¾¢G�{|-+¯ô�qôI¶''

Yn()*+,l,ðë,*()*+,-��h+è�/Ë¢«[\Ð°¾¢¶'

! �{|-+��h+è�opt/splunkn()*+,-¢«íî¯»\l)h_¾¾n°¾¢¶'

H�s{S(-_¿%'

H�s{S(-��Ù°q¢¬n()*+,-µøqp« !"#$%& �¿%¢«íî¯»%'n()*+,-¢«kxkyð�.)�l()�ØÙ°¾¢¶'

pkgadd -d ./splunk_product_name.pkg

=¿°�{S(-�ºÍx¢«[\Ðµø¾¢_¬»�qnî¯pîk��¾¢¶'

É(�)+¿%�Â ¢«íîGµ�n�{S(-ºÍxnî¯pîk��«Òeð³píîI¯»ûü�àá°¾¢¶'

pkgadd -n -d ./splunk_product_name.pkg

®,Ý,-_()*+,-'

!H#�JKT b*cdn !"#$%& �()*+,-¢«n¯»nÞ³��h+èZ®,Ý,-�ab°¾¢¶�{|-+¬¯»!"#$%& ¯/opt/splunkZ()*+,-µø¾¢¶'

®,Ý,-¬()*+,-¢«íî»'


! IJ%-QKR�pU|DD��&O�%OPR�pE\��5/%�KQ�O��J

7��l��q�\�?R��Uz��hyF

()*+,-_`a'

!"#$%& Ôza,3ÎÏ'

pkginfo -l splunk

�Ôza,3_è*+'

pkginfo

!"#$%&_��'

!"#$%& ¯Æ,J-b*cd¬À,Á,�/Ë°qÂ °¾¢¶!"#$%& �¿-,+_O>OB^"E\��5/!"#$%& n/Ë°�àá�ýþÒ��knnÞ³7Ôð4��øqp«�Z[°¾¢¶¿-,+_O>

21

OB !"#$%& �Â ¢«�k_8�¯ÑúÍ��÷°q²´µp¶'

�.)�l()()®{;,*�i !"#$%& ��¢«£¯»ûü_�.)��Â °¾¢¶'


ÌÍ¬¯�û�ØÙ°¾¢¶'

! $SPLUNK_HOME¬»!"#$%& ()*+,-Z_Ô*�Z[°¾¢¶''! $SPLUNK_HOME/bin/¬»�.)�l()()®{;,*:�oR��UDEF

��éyb4)'




!"#$%&'�UN_��kÆ¹()'

!"#$%& ��°ql(m)*ýþny¥°�!»�û� p¾¢¶'

F7 \löÁF6[ä»MNN"5��ïIT"#$%&MHTN5"HJN �� !"#$%&'�UNZ1hm*°¾¢¶'! mysplunkhost¯»�*+.b)¬¢¶''! port¯»()*+,-ÃnÛË°�÷,+¬¢GA888I¶'

>7 ÅÆl(m)*¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏ�àá°³²q/ !"#$%&'�UNð��µø¾¢¶V)®,yl(�¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏG�{|-+»À,Á,? admin

kÔ*�,� changemeI�àá¢«k !"#$%&'�UNð��µø¾¢¶'

!"#$%&_1)()*+,-'


pkgrm splunk

��Q'�! Z()*+,-'

��Q'�!Z()*+,-'

��Q'�!_�¶¯»��sÔza,3k®,Ý,-_ >½Ä¬¢¶ûü¯^_ÐÑ¬¢¶'

! ��s{S(-��¹l{�J-G¯ÌI©[L�.)�l()��()*+,-'! ®,Ý,-��()*+,-'

22

¹l{�J-()*+,-'

F7 ��s{S(-�õ\-hèzh°¾¢¶'

T"#$%&7"&L ��{S()õF6ðèx¾¢¶''

>7 {S()õF6_ T"#$%&7"&L �õ\-hèzh°¾¢¶''

!"#$%& ()*+,l,ðèx»2,34)ê�A,l(+ÎÏ�è*+°��àð©ªµø¾¢¶'

97 ß �hèzh°¾¢¶'

()*+,-K}~_F6�èx¾¢¶'

67 í>�}�¬»!"#$%& �()*+,-°¾¢¶'! t��1(�)�hèzh°q»�{|-+��h+è_�Applications/splunkZ()*+,-°¾¢¶''

! {|-õ,_}~T�hèzh°q½_í>�}~°¾¢¶''·7 ß �hèzh°¾¢¶'

()*+,-EÉ.è,ð©ªµø¾¢¶=¿¢«íî¯»'

! ()*+,-í>_=¿�hèzh°q»%°p{|-õ�}3»¾�¯'! H«�hèzhö°qE_vnHä¾¢¶''

C7 ()*+,-�hèzh°¾¢¶'

()*+,-ðé¾ä¾¢¶gh×��ä¾¢¶'

r7 ()*+,-ðBC°��»BC�hèzh°¾¢¶'

�.)�l()��()*+,-'

F7 WïL �.ö)+'

hdid splunk_package_name.dmg

>7 ()*+,-'! -,+Ýè0,d_íî'

installer -pkg splunk.pkg -target /

! ½_��*hÔ,c�b4)_íî'

installer -pkg splunk.pkg -target /Volumes\ Disk

-target¯»!"#$%& ð�Applications/splunkn()*+,-µø«½_��*h³ò_®,³z+Ýè0,d�/Ë°¾¢¶'

y¥_Ýè0,d¬/Applications/splunk�R_��h+èn()*+,-¢«íî¯»Ef_¹l{�J-()*+,l,��Ù°¾¢¶'

' '

23

®,Ý,-_()*+,-'

��Q'�!b*cdn !"#$%& �()*+,-¢«£»nÞ³��h+èZ®,Ý,-�ab°¾¢¶�{|-+()*+,-��h+è¯/Applications/splunk¬¢¶'

®,Ý,-�Ùpq()*+,-¢«íî»'

! !"#$%& ¯»T"#$%& À,Á,�Q�:;°¾��¶!"#$%& �ÛË_À,Á,¬Â ¢«íî¯»ÒYv�¬^_À,Á,�:;°q²´µp¶'

! ()�zh*�|á°�¾¾¿}~Ýè0,d�,®�Wá¢«íî¯»��*hÔ,c�b4)n��³a�ð*«]k�Z[°¾¢¶'

!"#$%&_��'

!"#$%& ¯Æ,J-b*cd¬À,Á,�/Ë°qÂ °¾¢¶!"#$%& �¿-,+À,Á,¬Â ¢«íî¯»!"#$%& n/Ë°�àá�ýþÒ��knnÞ³7Ôð4��øqp«�Z[°q²´µp¶'

�.)�l()()®{;,*¬ !"#$%& ��¢«£¯»ûü_�.)��Â °¾¢¶'


ÌÍ¯�û�ØÙ°¾¢¶'

! $SPLUNK_HOME¬»!"#$%& ()*+,-Z_Ô*�Z[°¾¢¶''! $SPLUNK_HOME/bin/¬»�.)�l()()®{;,*_í>�©ª°¾¢¶'

��éyb4)'




!"#$%&'�UN_��kÆ¹()'

!"#$%& ��°ql(m)*ýþny¥°�!»�û� p¾¢¶'

F7 \löÁF6[ä»http://<hostname>:port�� !"#$%&'�UNZ1hm*°¾¢¶'! hostname¯»�*+.b)¬¢¶''! port¯»()*+,-ÃnÛË°�÷,+¬¢G�{|-+÷,+·¸¯»A888 ¬¢¶I'

>7 À,Á,?'admin'kÔ*�,�'changeme'�Ùpq !"#$%& nÆ¹()°¾¢¶'

l(m)*´�'

!"#$%& �%°²()*+,-¢«»¾�¯½_l(m)*®(ynÞä\�«£¯»ÒYl(m)*�()*+,-¢«»¾�¯¿%¢«Òeð*ä¾¢¶'

24

!"#$%&_1)()*+,-'


¾�¯»�.)�l()_�SPLUNK.HOME�NK% n��°q»�.)�l()n./splunk stop�àá°q$SPLUNK_HOME��h+èk^ønz¢«�q�úå°¾¢¶'

�JUU�!� Z_()*+,-'

�JUU�!�Z_()*+,-'

�JUU�!� _�¶¯»()*+,l,G·76MK%NU#Ik®,Ý,-GK9ACI_ >½Ä¬¢¶�Àk/n ñs�{S(-¬¢¶'

¯Ì()*+,-'

K%NU# ()*+,l,��q �JUU�!�Z()*+,-¢«íî'

pkg_add splunk_package_name-5.4-intel.tgz

]_íî»!"#$%& ¯�{|-+��h+è_/opt/splunk/n()*+,-µø¾¢¶'

½_��h+èn !"#$%& �()*+,-¢«íî'

pkg_add -v -p /usr/splunk splunk_package_name-5.4-intel.tgz

®,Ý,-_()*+,-'

�JUU�!� b*cdn !"#$%& �()*+,-¢«n¯»nÞ³��h+èZ®,Ý,-�ab°¾¢¶�{|-+()*+,-��h+è¯»/opt/splunk¬¢¶'

®,Ý,-�Ùpq()*+,-¢«íî»'

! !"#$%& ¯»T"#$%& À,Á,�Q�:;°¾��¶Splunk�ÛË_À,Á,¬Â ¢«íî¯»ÒYv�¬^_À,Á,�:;°q²´µp¶'

! ()�zh*�|á°�¾¾¿}~Ýè0,d�,®�Wá¢«íî¯»��*hÔ,c�b4)n��³a�ð*«]k�Z[°q²´µp¶'

()*+,-BC!'

!"#$%& ðÅ°² �JUU�!� º¬&'¢«]k�Z[¢«�kn»ÒYûü� �q²´µp¶'

F7 �û��boot/loader.conf'n"#°¾¢¶'

kern.maxdsiz="2147483648" # 2GB kern.dfldsiz="2147483648" # 2GB machdep.hlt_cpus=0

25

>7 �û�/etc/sysctl.conf'n"#°¾¢¶'

vm.max_proc_mmap=2147483647

�!�£��°q=¿�Á�µ�¾¢¶'

()*+,-_`a'

!"#$%& Ôza,3è*+_©ª'

pkg_info -L splunk

�Ôza,3_è*+'

pkg_info

!"#$%&_��'

!"#$%& ¯Æ,J-b*cd¬À,Á,�/Ë°qÂ °¾¢¶!"#$%& �¿-,+_O>OB^"E\��5/!"#$%& nÛË°�àá�ýþÒ��knnÞ³7Ôð4��øqp«�Z[°q²´µp¶'

�.)�l()()®{;,*�i !"#$%& ��¢«£¯»ûü_�.)��Â °¾¢¶'


ÌÍ¬¯�û�ØÙ°¾¢¶'

! $SPLUNK_HOME¬»!"#$%& ()*+,-_Ô*�Z[°¾¢¶''! $SPLUNK_HOME/bin/¬»�.)�l()()®{;,*_í>�©ª°¾¢¶'

��éyb4)'




!"#$%&'�UN_��kÆ¹()'

!"#$%& ��°ql(m)*ýþny¥°�!»�û� p¾¢¶'

F7 \löÁF6[ä»http://<hostname>:port�� !"#$%&'�UNZ1hm*°¾¢¶'! Hostname¯»�*+.b)¬¢¶''! Port¯»()*+,-ÃnÛË°�÷,+¬¢G�{|-+÷,+·¸¯»A888 ¬¢¶I'

>7 ÅÆl(m)*¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏ_àá°³²q/ !"#$%&'�UNð��µø¾¢¶V)®,yl(�¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏG�{|-+»À,Á,? admin

kÔ*�,� changemeI�àá°¢«k !"#$%&'�UNð��µø¾¢¶'

' '

26

l(m)*´�'

!"#$%& �%°²()*+,-¢«»¾�¯½_l(m)*®(ynÞä\�«£¯»ÒYl(m)*�()*+,-¢«»¾�¯¿%¢«Òeð*ä¾¢¶'

!"#$%&_1)()*+,-'


�{|-+Æa,b4)�� !"#$%& �1)()*+,-¢«íî'

pkg_delete splunk

½_Æa,b4)�� !"#$%& �1)()*+,-¢«íî'

pkg_delete -p /usr/splunk splunk

RP� Z_()*+,-'

RP�Z_()*+,-'

]_+Azh¯ !"#$%& � RP� ylz+{|,dn()*+,-¢«v�}(�°¾¢¶'

p¥5'1zy¹�,�¢«íî¯»ÌÍ!f_1zy¹�,�$Í�(0²´µp¶� ¢«íî¯»Âf¢«En� nù¢«p¥=,�Z[°q²´µp¶'

!"#$%&_()*+,-'

RP� ()*+,-¯®,Ý,-��¬ p¾¢¶'

®,Ý,-�Ùpq()*+,-¢«íî»'


! ()�zh*�|á°�¾¾¿}~Ýè0,d�,®�Wá¢«íî¯»��*hÔ,c�b4)n��³a�ð*«]k�Z[°q²´µp¶'

RP� b*cdn !"#$%& �()*+,-¢«£»nÞ³��h+èZ®,Ý,-�ab°¾¢¶�{|-+()*,-��h+è¯/opt/splunk¬¢¶'

RP�'·79 _íî»1%¡_É,w*Ôz¬*«]k�Z[°q²´µp¶!"#$%& n¯�û_É,w*�ë-ðÒe¬¢¶'

$ oslevel -r 5300-005

27

!"#$%&_��'

!"#$%& ¯Æ,J-b*cd¬À,Á,�/Ë°qÂ °¾¢¶!"#$%& �¿-,+_O>OB^"E\��5/!"#$%& nÛË°�àá�ýþÒ��knnÞ³7Ôð4��øqp«]k�Z[°¾¢¶¿-,+_O>O?Uz !"#$%& �Â ¢«�k_8�¯ÑúÍ��÷°q²´µp¶'

�.)�l()()®{;,*�i !"#$%& ��¢«£¯»�û_�.)��Â °¾¢¶'


ÌÍ¬¯�û�ØÙ°¾¢¶'

! $SPLUNK_HOME¬»!"#$%& ()*+,-_Ô*�Z[°¾¢¶''! $SPLUNK_HOME/bin/¬»�.)�l()()®{;,*:�oR��UDEF

��éyb4)'

%°²()*+,-�°�!»!"#$%& ��kq��¢«kx¯»l(m)*ýþo,ny¥¢«Òeð*ä¾¢¶!"#$%& _��kl(m)*ýþ_y¥¯ F�¬ �¾¢¶'



8�¯»ÌÍ_+!"#$%& ��éyb4)-��÷°q²´µp¶'

!"#$%&'�UN_��kÆ¹()'

!"#$%& ��°ql(m)*ýþny¥°�!»�û� p¾¢¶'

F7 \löÁF6[ä»http://<hostname>:port�� !"#$%&'�UNZ1hm*°¾¢¶'! hostname¯»�*+.b)¬¢¶''! port¯»()*+,-ÃnÛË°�÷,+¬¢G%tu(v~Ov·¸¯»A888I¶'

>7 ÅÆl(m)*¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏ�àá°³²q/ !"#$%&'�UNð��µø¾¢¶V)®,yl(�¡¬ !"#$%& �Â ¢«íî¯»Æ¹()ÎÏG�{|-+»À,Á,? admin

kÔ*�,� changemeI�àá°q�� !"#$%&'�UNð��°¾¢¶'

l(m)*´�'

!"#$%& �%°²()*+,-¢«»¾�¯½_l(m)*®(ynÞä\�«£¯»ÒYl(m)*�()*+,-¢«¾�¯¿%°³ªø±³ä¾��¶'

!"#$%&_1)()*+,-'


28

l(m)*_()*+,-'

l(m)*_()*+,-'

!"#$%& É,2,_()*®)*½nl(m)*_»¼ðÒe¬¢¶]_+Azh¬¯»�m !"#$%& l(m)*_¾p»l(m)*_()*+,-k¿%_lÀ»l(m)*¾ÁðÂb°�£_BCnopqÐÑ°¾¢¶'

p¥5'�yÆ(È)+¢« !"#$%& ()*®)*^ø¡ønl(m)*_ÃàðÒe¬¢¶''

l(m)*_½Ä'

!"#$%& n¯»ÅÆl(m)*kV)®,yl(�l(m)*_ >½Äð*ä¾¢¶V)®,yl(�¡_&'�ÇÙ°�píî¯»ÃàEndeÙ_V)®,yl(�l(m)*�(ÈÉ²´µp¶'

!"#$%&'y�w0,èè,*¡�de¢«íî¯»^_ÃnÒe³l(m)*ð�¾øqp¾¢¶'

p¥5'!"#$%&'67� n¯ûü»·88��V)®,yl(�deÙl(m)*ð�¾ø»�{|-+¬��nÊËµøqp¾¢¶ÅÆl(m)*¯ÿ!_èè,*¬(DÙEª«ÎË¬¢¶^_=¦��V)®,yl(�deÙl(m)*¯»(ÙÚn[äDÙ¤'k³ä¾¢¶'

ÅÆl(m)*kV)®,yl(�l(m)*'

�kq !"#$%& �õö)Æ,�¢«kx»Ï²¢«[\Ðµø¾¢¶Ï²¢«k»F<*�ä1Ñ ·88��_�,®�»äÒþ¤'³ÅÆl(m)*ðÌÍµø¾¢¶ÅÆl(m)*¯deÙl(m)*¬¯³p�k»�Ù��ÓÔð*ä¾��¶V)®,yl(�l(m)*¬¯»µ�nÕ²_a�_�,®�»äÒ�]kð¤'k³«¼n»ûü_&'ð(DÙEª¾¢¶'

! Ö×À,Á,1Jö)+k1hm*�)+Æ,-''! ��É,ik�,®-,c�)¹''! �yÆ(È)+´�''

�e5'9767> ¡��»ÅÆl(m)*¬ !"#$%& �Â °qp«À,Á,¯»{|�,õ��,®�(ª»«[\n()*®)*_ÊËð¬x«[\n³ä¾°�¶^ø�E_ !"#$%& 2,34)¬¯»À,Á,¯]_��ÊË_=¿nV)®,yl(�¡_»¼ðÒe¬°�¶'

V)®,yl(�l(m)*�Ãà¢«Enºf_&'�Ç¢íî¯»98 <Ë_deÙV)®,yl(�l(m)*�()�²´µp¶'

l(m)*½_ÛÜnù¢«8°pÎÏ¯]]�hèzh°q²´µp¶¾�»!"#$%& _ÅÆl(m)*y¥Í/©ýþ²´µp¶'

deÙl(m)*'

µ¾Ý¾³É(�©[L�ÙÓËn��ø�deÙV)®,yl(�l(m)*�()�Eª¾¢¶�{|-+deÓÔ¯ 98 <¬¢¶deÙl(m)*��ÙÃnl(m)*_ÓÔðÞøq/»!"#$%& ¯wxßx

29

�,®�()�zh*°¾¢ð»%°pl(m)*ð()*+,-µø«¾¬ÛÜ¯(DÙEª¾��¶'

y�w0,l(m)*'

!"#$%& _y�w0,èè,*n¯»¼_ !"#$%& èè,*k§à`�á�³p½½_l(m)*ðÒe¬¢¶µ�n»!"#$%& _y�w0,èè,*�deµø«Ë¯»ÅÆ¾�¯V)®,yl(�¡_l(m)*¬¯Â Eª¾��¶y�w0,l(m)*¯gh»V)®,yl(�¡_&'��n°»y�w0,èè,*_þkâÔµøqp¾¢¶'

{|�,��)¹l(m)*'

!"#$%& É,2,_�()*®)*nB°q{½nl(m)*_ÃàðÒe¬¢¶{|�,õ,l(m)*¯�.{z¬¢¶'

F7 7�T"#$%&'TNH" �� !"#$%& �æç°¾¢¶''>7 $SPLUNK_HOME/etc/splunk-forwarder.license�$SPLUNK_HOME/etc/splunk.license

n�A,°¾¢¶'97 ./splunk start�� !"#$%& ��°¾¢¶]_l(m)*¯»'

�Ù.b)��{|�,�¬x«�,®�nâÔ¯*ä¾��¶'

l(m)*_()*+,-¾�¯¿%'

¢$q_ !"#$%& É,2,¯»ÅÆl(m)*Gsplunk-free.licenseI¾�¯V)®,yl(�l(m)*Gsplunk.licenseInùõ�Yl(m)*�$SPLUNK_HOME/etc/nöx¾¢¶G�P �DÙ°q»¾�¯!"#$%&'�UN��l(m)*�()*+,-¾�¯¿%¬x¾¢¶'

!"#$%&'�UN��l()m)*_()*+,-'

F7 ´�9À,Á,¬ !"#$%&'�UNZÆ¹()°¾¢¶'>7 ´�ël(m)*_nhèzh°¾¢¶'97 l(m)*=¿�hèzh°¾¢¶'67 l(m)*g,��ä{ªq»WX�hèzh°¾¢¶'·7 È()F6_��%�LUJ ®\nHä»!"#$%&£��hèzh°¾¢¶''

�kqÂ ¢«Enl(m)*�y�b,�'

6787> ¡��»�{|-+n[ä !"#$%& ��kqÂ ¢«£»3X¢«¢$q_ 97� l(m)*�2zh1zy°q»ÊV)®,yl(�deÙl(m)*nÞä\�¾¢¶]øn[ä»%°pl(m)*�»¼¢«¾¬ÓÔÞøn³«]k³²%°p2,34)_ !"#$%& ð�Ù¬x«[\n³ä¾¢¶'

!"#$%&'6787> ¡�¸_2,34)n� °»��³ 67� l(m)*�»¼¢«k»l(m)*{S(-�y�b,�¢«]kð¬x»!"#$%&'6 ��kq��¢«£»%°pl(m)*�»äÒ�¬()*+,-°¾¢¶]øn[ä»�.b)¬ !"#$%& ��°�!»%°pl(m)*�v�¬�A,¢«Òeð³²³«

30

�k»ÛnÖ×_()*®)*��yÆ(¢«kxn¿hn�D¬¢¶'

! 6787> ¡�¸_2,34)n� °�!¯»¢�n !"#$%& ��°³p¬²´µp¶''! %°pl()m)*��!H�§¨�.t��^�UNQ�T"#$%&M$TUJ7#KQU%TU Z�A,°¾¢¶''! !"#$%& ��°¾¢¶'

�yÆ(¤'³Ôza,3�:;°qp«íî»¼_b*cdZ�yÆ(È)+¢«[\nÖ×_{S(-� Fo_{S(-n¾kk�ä»{S(-� uK"��¬}~°�ä¢«En¿%°�l(m)*ð{p�T"#$%&M$TUJ7#KQU%TU {S(-�^_Ãn�k«]kð¬x¾¢¶'

l(m)*¾Á'

�Ùl(m)*ð%¤¢«1Ñ()�zh*�Ù��&�«k¾ÁðÂb°¾¢¶�<_'Ë��&��íî¯»¾Á1l,+�(ª¾¢¶1l,+Èzm,3¯ F6 <Ëáß°¾¢¶98 <ËÉ(h-¬ ·o�º_¾ÁðÂb°�íî¯»ÛÜ&'ðÅ�n³ä¾¢¶ÛÜ&'¯ 98 <Ë¬Âb°�¾Áð · o�û_kx»¾�¯]ø¾¬[ä/�ÙÔ)_Ñxpl(m)*�%°²nÙ¢«k�*°¾¢¶'

p¥5'l(m)*¾Á¬/ !"#$%& ¯�,®()�zh*�æç°¾��¶l(m)*Ô��&�«k1hm*_þ�\Æzh°¾¢¶'

!"#$%& �*h+zy��){��0�,b4)_��'

!"#$%&�*h+zy��){��0�,b4)_��'

{|�Ù_�kn !"#$%& �()*+,-¢«kx»¾�¯�kq9,+\zhÔô�)¬ !"#$%& �ÇÙ¢«kx¯»!"#$%& �*h+zyÙ�){��0�,b4)�ØÙ°q²´µp¶!"#$%& �*h+zy¯»�K%WH�T ê ��Q _9,+\zh³ò»�º.b)_�knÛ½n�Á()µø�â�ÊË_ !"#$%& ¬¢¶!"#$%& �*h+zy¯ !"#$%& {|�,õ¬¯³²»Âb��ë-¬³p�Ù�ª_:,�ö;1nBC¢« !"#$%& _~r¡¬¢¶'

!"#$%&�*h+zy_¾pk¯s��'

]_ÊË¯»�æu³()�zh*�~r°»{S(-b*cd=¿q/®�Å�n°¾°�¶]øn[ä»!"#$%& ð¼_Ù�G9,+\zh³òIn�Ù¢«b*cd_Èqèê��'á_�Ù��°qp¾¢¶'

!"#$%& �*h+zy_ÊË�=¿¢«GÛË_àáÀ��þàø«³òIíî¯»$SPLUNK_HOME/etc/apps/SplunkDesktop/default!H�§¨�.t��^¯»!"#$%& ð()*+,-µøqp«��h+è®n*« !"#$%&�UT&NH" 1yèa,b4)Ù_ setup.conf�TU°¾¢¶'

!"#$%&�*h+zy_�e'

�K%WH�T n !"#$%& �()*+,-°�íî»!"#$%& �*h+zy¯»�{|-+¬Å�¬¢¶ûünÑú¢«��n¢«�k_vn~�q»!"#$%& �*h+zy��n°q»�Ù¢«�*h+zy�9,+

31

\zh_{z+yè)+��¢«]kð¬x¾¢¶'

!"#$%& �*h+zy�){�¹�,b4)¯»�yÆ(È)+É,2,&'�Å�n°qp¾¢ð»�yÆ(È)+hl(1)+k°q_Â �É÷,+°¾¢¶!"#$%& �yÆ(È)+É,2,�Â ¢«n¯»�*h+zy�){�¹�,b4)1yèa,b4)�é{n¢«Òeð*ä¾¢¶'

!"#$%&'�UN¬!"#$%&�*h+zy��n¢«'

!"#$%&'�UN¬ !"#$%& �*h+zy��n¢«'

F7 !"#$%&'�UNZÆ¹()°¾¢¶'>7 ´��hèzh°q»R""´�®\�}~°»]_!"#$%&�*+n()*+,-µøqp« R""T�hèzh°¾¢¶'97 òó¢« !"#$%&�UT&NH" �Ó°qhèzh°¾¢¶��Æzyõö)è*+�� ñJ$U �}~°¾¢¶''67 ´�_È()2,3_û�n*«Ý®)��q»!"#$%& É,2,�£��°¾¢¶1yèa,b4)ð��n³ä¾¢¶'

!"#$%&'�UN¬!"#$%&�*h+zy�Å�n¢«'

!"#$%& �*h+zy�Å�n¢«k !"#$%& ¯�^�yÆ(È)+nHä¾¢¶]øn[ä»()�zh*ê*-,yz+nB¢«¢$q_âÔðúåµø¾¢¶¾�»!"#$%& ¯»Èqèê��'á_�Ù�ð�nHä¾¢¶'

F7 !"#$%&'�UNZÆ¹()°¾¢¶'>7 ´��hèzh°q»R""´�®\�}~°»]_Ì!"#$%&�*+n()*+,-µøqp«R""T �hèzh°¾¢¶'97 òó¢« !"#$%&�UT&NH" �Ó°qhèzh°¾¢¶��Æzyõö)è*+�� #TU �}~°¾¢¶''67 ´�_È()2,3_û�n*«Ý®)��q»!"#$%& É,2,�£��°¾¢¶1yèa,b4)ðÅ�n³ä¾¢¶'

G�P¬!"#$%&�*h+zy��n¢«'

G�P ¬ !"#$%& �*h+zy��n¢«'

./splunk enable app SplunkDesktop -auth <username>:<password>

./splunk restart

G�P¬!"#$%&�*h+zy�Å�n¢«''

G�P ¬ !"#$%& �*h+zy�Å�n¢«'

./splunk disable app SplunkDesktop -auth <username>:<password>

./splunk restart

32

!"#$%& _��'

!"#$%& _��'

!"#$%&_��'

!"#$%& _��'

�K%WH�T _íî»�.)�l()¾�¯�K%WH�T É,w*.Õ,3j,�Ùpq�K%WH�T º_ !"#$%& ��°¾¢¶]_mhb4)¬!f¢«�.)�l()�Ùp�Àï��\k[äÕ²_éyb4)ð/Ë¬x¾¢¶cmdF6¬ C:\Program Files\Splunk\binn��°q�û�àá°¾¢¶'

splunk start

G�K%WH�T À,Á,¬»!"#$%& ð�{|-+Æa,b4)n()*+,-µøqp«íî¯»!f_>©[LÎÏ¬»$SPLUNK_HOME� C:\Program Files\köxà�¾¢I¶'

§¨P� _íî»!"#$%& �.)�l()()®,{;,*GG�PI��Ù°¾¢¶'


!"#$%& ¯Ynl(m)*ýþÍ�©ª°»��v�ßª«Eny¥¢«[\Ð°¾¢¶'

^_¼_��éyb4)'

�kq !"#$%& ��¢«kxnl(m)*y¥�Q�¬ \n¯»start�.)�n accept-license

éyb4)�"#°¾¢¶'


��=n�ûð©ªµø¾¢¶'

Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Verifying configuration. This may take a while... Finished verifying configuration. Checking index directory... Verifying databases... Verified databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sampledata, Checking index files All index checks passed. All preliminary checks passed. Starting splunkd... Starting splunkweb... Splunk Server started. The Splunk web interface is at http://<hostname>:8000 If you get stuck, we're here to help. Feel free to email us at '[email protected]'.

p¥5'�{|-+÷,+ð�ÙÃG¾�¯�Ù¬x³pIíî»!"#$%& ¯YnDÙ¤'³÷,+_�Ù�°ª°¾¢¶]_éyb4)�(L¢«»¾�¯ !"#$%& ð�Ù¢«÷,+�/Ë¬x¾¢¶'

33

^_¼n»noMpromptk answer-yes_ startéyb4) >½Äð*ä¾¢¶'

! $SPLUNK_HOME/bin/splunk start --no-prompt�Â ¢«íî»!"#$%& ¯»�6n��qE²ÒeðÂb¢«¾¬��ßª¾¢¶^_!»[C¢«�¦��²�6ð©ªµø»[C°¾¢¶'

! SPLUNK_HOME/bin/splunk start --answer-yes�Â ¢«íî»!"#$%& ¯»��ßª(V*�9,¬��«�6�qn+(V*-kQ�un��°¾¢¶!"#$%& ¯wxßx�6k��©ª°¾¢¶'

¢$q_éyb4)� F ¬/Ë°q��¢«íî¯»�û_[\n³ä¾¢¶'

$SPLUNK_HOME/bin/splunk start --answer-yes --no-prompt --accept-license

Splunk¯l(m)*Z_y¥��¾��¶ Splunk¯(V*/9,¬��«�6¢$qn+(V*-k��°¾¢¶ Splunk¯(V*/9,�R¬��«�6n��°�íî¯»[C°¾¢¶

{¢_yÆm*_èékÅ��'

start�.)�né\3;h+k°qyÆm*�#�«]kn[�q»{¢_ !"#$%& yÆm*�èé¾�¯æç¬x¾¢¶é\3;h+n¯�ûð�¾ø¾¢¶'

! splunkd»!"#$%& É,2,�,q)'! splunkweb»!"#$%& _ö;\()®,{;,*yÆm*'! watchdog»bjz+õö)=n splunkd�£��¢«g,y1l(\�yÆm*¶T"#$%&W'"KWðXü°³p]kn�{²k»T"#$%&W _£�� 9�¾¬Çþ¾¢¶]_éyb4)¯�K%WH�T¬¯&'°¾��¶nõän»É,w*.Õ3È)+�)ô,-nèJ2èéyb4)�ÊË°¾¢¶'

> splunkd_þ��¢«íî'

$SPLUNK_HOME/bin/splunk start splunkd

splunkweb�Å�¢«íî'

$SPLUNK_HOME/bin/splunk disable webserver

¾�¯»!"#$%&'��NQMWHL ��¢«íî'

$SPLUNK_HOME/bin/splunk start watchdog

��NQMWHL _bjz+õö)n¯»�û_�.)��Ù°¾¢¶'

$SPLUNK_HOME/bin/splunk stop watchdog

startnù¢«8�¯»�û_G�P _¡-y2,3��°q²´µp¶'

$SPLUNK_HOME/bin/splunk help start

34

9767� �E_2,34)��_� '

678 ¡n� ¢£_¤¥¦'

678¡n� ¢«£_¤¥¦'

]_+Azh¯»976� �E_2,34)�� 678 ¡n� ¢«EnÛ¢¢$x67êp¥¦nopqÐÑ°¾¢¶Q�un� µø³p�yÆ(È)+_ÛÜ»v�¬ õ³ªø±³�³p=¿µ�n.(¹�,b4)*hèy+ð��¢«=¿³ò_ÎÏð?@µøqp¾¢¶'

p¥5'976� �E_2,34)�� ¢«£¯»¾Y�kn�ÙÃ_2,34)� 976� ¡n� ¢«�k_£Æn~p»^ø�� qûµp¶678 ¡Z_� ¯ 976 ¡��_þÉ÷,+°qp¾¢¶'

� ¢«En»3ì67nù¢«¤¥ÎÏ/(0²´µp¶'

9767�¡!"#$%&À,Á,_Û¢¢$x=,kÉ÷,+'

!"#$%&'6 ¯»`'k¦§`n©pq¨©un�º°qp¾¢ð»9767� ¡��¿%¢«íîn¤¥°³ªø±³�³p;§:Ù=�ðp²o�*ä¾¢¶¾�»¿%�YnY_2,34)_èè,*�ªo]k/¬x¾¢¶�û¯»!"#$%&'6 _�àn[ä=¿µø�&'_Ñú¬¢¶'

�KVU c,-'

! !"#$%&'6 _«°²1¬µø�ÛÜ©[L()�zh)n#�»ÃËÛÜ«¬�°±¢«&'n[ä»�5è1-®(d¬�,®�©ª¢«�kn{½_l(\(ë)+_�)ô,-�áoÒeð³²³ä¾°�¶Á6»9767� ¡_+�KVU c,--&'nÈX¢«a,*ð*«íî¯»!"#$%&'6Z_1zy¹�,��ªo]k/¬x¾¢¶+,_-.®F¬¯»[äÑ�_�,®{Æ,��¯n»µ�n��ij��¯n/��¢l(\c,-&'_£°±ðÎËµøqp¾¢¶µ�n»ÿ!_1,gchij=¿_«¬n²pÿ!12µø«è1-®(d1l,+kõzb0Ý,�1zy�,+n/(pX²´µp¶'

J*®d{�,-�1hb4)'

! IJ¥ó�¯n»]_&'_£°±�»ä4k»¦§`�12°µ�nÖ×{�,-��¯n°�(ë)+1hb4)�¤'n°¾¢¶³kq´pµ¶nèè,*µø« 67� ¡n£L·äÒ¾ø«&'k°q(Óª²´µp¶]_&'��Ù°»µ�n1zy¹�,��ØÙ¢«íî¯»nõänR��,®ë,*©[L�0��,®� !"#$%& n!äóq« !"#$%&'6 _%°p+õ(ç�zh{�,-�-zh1zy-&'�(Û¢²´µp¶'

*çzyb4z+'

! !"#$%&'6 ¬¯»{¢_ÛÜnB°q®(dl()*çzyb4z+�¸« 97� ¡_`'ðµ�n1¬µøqp¾¢¶!"#$%&'6 _%°p34\.Õ,3j,¯»¢¬nÛÜµø�«¬��÷,+��¢$q_gjzb0ÛÜ«¬��N¬x«[\n³ä¾°�¶¹¿©Ç°²´µp¶'

35

(ë)+*hÆ,è)¹'

! !"#$%&'6 ¬¯»ÛÜÃ¬/Â ¤'³%'2,3m�h®,¬«¬Ë�Q¦n��¬x«¦§`ð{#µøqp¾¢¶wxßx*hÆ,-2,��Ù¢«íî¯»ÿ!_ 67� ¡èè,*n©pqéyb4)&'k°q£L·äÒ¾ø«ÎË¬¢¶'

®(dl()k®(d*®)y_;§:Ù'

! !"#$%&'6 ¬¯»®(d(l)�1¬°»À,Á,ðÛÜ�£Â ¢«Òe³²»ÛÜ«¬�y¥_=Ëº»¬¼½nóø«[\n°¾°�¶µ�n»®(dl()_+�,d()-�hèzh¢«k»=Ëº»�ÿË°qÛÜ�ß ¢«/Ëð¤'¬¢¶'

! µ�n»®(d*®)y_hèzh»®(dl()2,_õ\-hèzh³ò»9767� ¡&'_�pê¢µ�ÿ!_ 67� ¡èè,*n�ªq12¢«ÎË¬¢¶'

hÆ,-'

! hÆ,-¯§P ��ÊË¬x³²³ä¾°�ð»ÛÜ�.)�k°qwxßx(DÙEª¾¢¶IJ��_¥ó�¯n»[äâã�o�¬un(DÙE²�k»]_&'_£°±�»ä4k¾°�¶&'12k»ÿ!_èè,*¬hiµø«ÎË_%°pÀ,Á,()®,{;,*n(Óª²´µp¶'

�P�� àá'

! ]_àá®(y¯»!"#$%&'6 [äÉ÷,+WMµø³²³ä¾°�¶°�ð�q»�,®¾V_¿À��ë*+ylhc�*k°q_�Ù¯©Ák°¾��¶ûü]_àá®(y�ØÙµøqp«íî¯»!"#$%& ðOP¢«{lz+{S(-Zjá�ÍxÒ�]k�(Û¢²´µp¶'

� __^_ð`p»1b*®)+ðÒe¬*«íî¯ó,¾¬©ì��²´µp¶'

l(m)*_� '

!"#$%&'67� ¡¯Âèè,*_l(m)*¬¯&'°¾��¶'

! 678 ¾�¯ 6787F n� ¢«k»()*+,-!»�Ù_l()m)*¯Å�¬¢kA�«Èzm,3ð©ªµø¾¢¶'

! ûü»V)®,yl(��(DÙ_À¯»!"#$%&7QHï _p$2,3¬¿%l(m)*�(Z[²´µp¶'

! 6787> ¡n� ¢«k»!"#$%&'6 ��¢«£n 97� ¡_l()m)*�2zh1zy°q»V)®,yl(�deÙl(m)*nöxà�¾¢¶'

! � ¡_ÅÆl(m)*¾�¯V)®,yl(�l(m)*¬Â ¢«k»!"#$%&'67� ¡��¢«EnmQHWU'�!H�§¨�.t��^�UNQ�T"#$%&7#KQU%TUm�QHWUë{S(-ðúåµø¾¢¶^_!»()*®)*ð C8<Ë��_V)®,yl(�deÙl(m)*�»¼°¾¢¶'

�kqÂ ¢«Enl(m)*�y�b,�'

6787> ¡��»�{|-+n[ä !"#$%& ��kqÂ ¢«£»3X¢«¢$q_ 97� l(m)*�2zh1

36

zy°q»ÊV)®,yl(�deÙl(m)*nöxà�¾¢¶]øn[ä»%°pl(m)*ð�A,µø«¾¬ÓÔÞøn³«]k³²%°p2,34)_ !"#$%& ð�Ù¬x«[\n³ä¾¢¶'

!"#$%&'6787> ¡�¸_2,34)n� °»��³ 67� l(m)*�»¼¢«k»l(m)*{S(-�y�b,�¢«]kð¬x»!"#$%&'6 ��kq��¢«£»%°pl(m)*�»äÒ�¬()*+,-µø¾¢¶]øn[ä»�.b)¬ !"#$%& ��°�!»%°pl(m)*�v�¬�A,¢«Òeð³²³«�k»ÛnÖ×_()*®)*��yÆ(¢«kxn¿hn�D¬¢¶'

! 6787> ¡�¸_2,34)n� °�!¯»¢�n !"#$%& ��°³p¬²´µp¶''! %°pl()m)*��!H�§¨�.t��^�UNQ�T"#$%&M$TUJ7#KQU%TU Z�A,°¾¢¶''! !"#$%& ��°¾¢¶'

�yÆ(¤'³Ôza,3�:;°qp«íî»¼_b*cdZ�yÆ(È)+¢«[\nÖ×_{S(-� Fo_{S(-n¾kk�ä»{S(-� uK"��¬}~°�ä¢«En¿%°�l(m)*ð{p�T"#$%&M$TUJ7#KQU%TU {S(-�^_Ãn�k«]kð¬x¾¢¶'

� nn°�2,34)¯òø��'

97� ¡�yÆ(È)+�Ù�nîõ�qJ*®.(�°qp³píî¯»�KLJ�NU'H%'�K%WH�T ¾�¯�KLJ�NU'H%'§¨P� k�±ø«Q�� yÆm*�ØÙ¬x«íîð*ä¾¢¶'

97� ¡�yÆ(È)+�*«Ã)J*®.(�°qp«íî¯»GÛn»WU"#HIïU%N7QH%]�J*®.(�°qp«íîI»v�n[«�yÆ(È)+_� �Û¢¢«Òeð*«íîð*ä¾¢¶^_íî¯»!"#$%&'67� Z_v�� \/ªn~�q²´µp¶'

� µø³p1(cd'

!"#$%&'67� ¯»�E_2,34)k«°²Ä³ä¾¢¶^_�k»97� ¡�yÆ(È)+_ÊË{S(-n¯� �Yn%°p 67� ¡()*+,-n�A,µø«/_ð*ä¾¢¶�´°»3X_�yÆ(È)+_��¯� µøY»£ ±ðÒe³íîð*ä¾¢¶]ø¯»Ûn 97� ¡_�yÆ(È)+©[LÊËðÑÅnJ*®.(�µøqp«íînùÆ°¾¢¶'

!"#$%&'�UN©ª_J*®.(�'

!"#$%&'�UNnopq*�Ç«/_ð£ ±µø%�n�;µø¾°�¶^_«¬»!"#$%&'�UN ©ªnÁ�µ��J*®.(È,b4)_¢$q�� ¢«]kð¬x³²³ä¾°�¶o¾ä»67� 1,gchij©[LÉ,-�Ùpq£ ±¢«Òeð*ä¾¢¶ûü¯^_è*+¬¢¶'

! {|,dÉ,i''! {�,-�1hb4)G]KU#W.�QNKH%T7QH%]I''! õzb0Ý,�'' '! §P yè{S�)*G"JU]T7QH%]I''! WX°�ÛÜ_�÷,+ij,+kc,\-yè{S�)*''! §P *+è)¹Z=¿G#KNUJ�#T7QH%]I''

37

1yèa,b4)nù¢«¤¥¦'

gh»1yèa,b4)¯� µø¾��¶°�ð�q»1yèa,b4)�£ ±°q»678 ¡_%°p1,gchijn"Ê¢«Òeð*ä¾¢¶678 ¡_1yèa,b4)nù¢«8°pÎÏ¯»èÂ./01-��÷°q²´µp¶1yèa,b4)_� nù¢«[ä8°p}(õ)*nopq¯»èÂ./01-_ 97� ¡ �""T _� nù¢«+Azh��°q²´µp¶'

!"#$%&'9767� ¡_¢$q_1yèa,b4)ð 678 ¡¬¼½nDÙ¬x«k¯Ôä¾��¶%°p1yèa,b4)¯àËYÌ¢�n !"#$%&'R""'!NHJU n"#µø¾¢¶'

!"#$%& _ HGP �)yl(1)*k !"#$%& _=¿´�¯»ÿûü !"#$%&'6 ¬¯(DÙEª¾��¶]_pYø�_1yèa,b4)�á�qp«íî¯»¿%¢«EnÉ÷,+n�Í¢«»¾�¯ !"#$%& _Ôl�-�()*®)*�()*+,-°q|á¢«]k�(Û¢²´µp¶'

�yÆ(È)+É,2,k{|�,õ_¤¥¦'

!"#$%& �yÆ(È)+É,2,��Ù¢«£¯»ÒY 67� ¡_%°p�yÆ(È)+�É,2,�1,gchij��q�yÆ(È)+<�){��0�,b4)�£ ±¢«Òeð*ä¾¢¶o¾ä»� ¯¬x¾��¶97� ¡_ deployment.confn=¿�#�«íî¯»%°²()*+,-°� !"#$%&'67� ¡n�A,°³p¬²´µp¶%°p�yÆ(È)+�É,2,��){��0�,b4)� ±¢«�k_ë,*k°q�Ù°q²´µp¶'

^_Ë»9767� ¡_�yÆ(È)+É,2,khl(1)+�ák»û=¦¬¢$q_hl(1)+�� °³píî¯»]_+Azh_/ªn~�q»Òe1�Ô_/_´ª_�� 9767� ¡�yÆ(È)+�É,2,�ÊË°q»�yÆ(È)+<hl(1)+�wxßx´�°¾¢¶'

{|�,õ��yÆ(°�íî¯»67� ¡n!¬� ¢«]kð¤'¬¢¶o¾ä»9797� ¡{|�,õ¯!"#$%& _ 67� ¡¬&'°¾¢¶Ûn]ø¯ÑÇ{|�,õ�yÆ(È)+nÎÏk¾¢¶67� n{|�,õ�� ¢«En%°p�yÆ(È)+�É,2,��){��0�,b4)nÐø«¾¬_©=Ë�áo]kð¬x¾¢¶'

97�¡_hl(1)+�678¡¾�¯6787F¡!"#$%&()*®)*kÑÙ¢«khl(1)+ðhlzb0¢«'

6787> ¡¬]_67¯Ð4µø¾°�¶'

67� ¡É,2,ð3X_ 97� ¡�yÆ(È)+<hl(1)+nùÒ°³p]k�Z�n¢«�kn»67� ¡()*®)*_´�÷,+�=¿°¾¢¶ûü�$SPLUNK_HOME/etc/system/local/web.confn#�q»�{|-+·¸ A8A? ÷,+�� A8?8 n=¿°¾¢¶'

[settings] mgmtHostPort = 127.0.0.1:8090

�e5'67� ¡_{|�,õ¯»97� ¡_�yÆ(È)+<É,2,n¯&'°¾��¶'

v�¬� ¢«1(cd'

!"#$%&'67� ¡¯ 97� ¡k¯«°²Ä³ä».(¹�,b4)*hèy+¯��_ÊË{S(-_�)c)É

38

�=à°¾��¶]_mhb4)¯»v�¬=¿¢«p²o�_1(cdnopqüf°¾¢¶'

*a30,-ÛÜk1l,+_¤¥¦'

*a30,-ÛÜk1l,+¯»Q�un� µø¾��¶678 ¡_ç�z3q�-¬¯»1yèa,b4)�)ch*+�R¬ÛÜ¯Â ¬x¾��¶°�ð�q»WXµøqp«ÛÜ¯ÛÜ1yèa,b4)_��kó³µø¾¢¶o¾ä»^ø�¯¢$Óq �""T n(ª¨µø»¹Æ,2-¾�¯©ª¯¬x¾��¶'

WX5þÛÜ�� ¢«íî'

F7 !"#$%& _æç �.)��Â °¾¢¶'

$SPLUNK_HOME/bin/splunk stop

>7 $SPLUNK_HOME/etc/system/local/savedsearches.conf�$SPLUNK_HOME/etc/apps/search/local/n��°¾¢¶'3. ôT�VUWTU�JQMUT�ô¬é«?E_¢$q_*®)Á�$SPLUNK_HOME/etc/system/metadata/local.meta�� $SPLUNK_HOME/etc/apps/search/metadata/local.metan��°¾¢¶ 67 !"#$%& _èé �.)��Â °¾¢¶'


®¹kV(è1*_¤¥¦'

ô,*®(y_?E=¿¯»+ô,*®(yV(è1b)¹-�öà°»®¹¬ÂÔµø¾��¶8°pÎÏ¯»ç�z3.Õ,3j,./01-_+®¹kV(è1*nopq-��°q²´µp¶V(è1*µø�ô,*®(ynÈX°�WX5þÛÜ¯� °³pk&'°¾��¶WX5þÛÜ_� vnopq¯»*a30,-ÛÜ©[L1l,+nù¢«� _¤¥¦�(0²´µp¶'

QJ��#7QH%]nù¢«¤¥¦'

crawl.conf*®)ÁÕ]K#U.QJ��#UJÖ¯»Õ]K#UTÖn?E�=¿¢«Òeð*ä¾¢¶Q�=¿µø¾��¶'

G�Pnù¢«� n67³°'

!"#$%&'67� ¡_�.)�()®,{;,*l()_GG�PI¯»B�nÍxà��øqp¾¢¶� nù¢«3ì67ê»×�_§à`67¯ÏZµøqp¾��¶G�P Z_=¿�¾kk�è*+nù¢«èè,*9,+��÷n°q²´µp¶^øn¯»µ¶É÷,+ðWMµø³pG�P �.)�éyb4)ê%&'ð�¾ø¾¢¶'

Q�� ÃnÂb¢«=¿'

� Ã»Õ²_ÊË{S(-_ãØn�A,µø«õª¬¯*ä¾��¶!"#$%& ¯]ø�_{S(-_�)c)É��=à©[L� ¢«�k_*hèy+�°±°»67� ¡¬ÅZn&'¢«]k�Z[°¾¢¶� y�w0,À,c�èc��Â °q»Â£n¿%©[L� ¢«En=¿µø«`a�Z[¢«]k

39

ð¬x¾¢¶ûü¯� _£nÂb¢«=¿_��è*+¬¢¶'

�#UJN.�QNKH%T7QH%]'

]_ÊË{S(-¯»T�VUWTU�JQMUT7QH%]n[ä� µø¾¢¶'

K%WU�UT7QH%]'

� Ã»p²o�_z`¯ K%WU�UT7QH%]Z"#µø¾¢¶�À^_¼_Æ,J-z`¯úå¾�¯¹Æ,2-<ÔlÈ,®Zk=¿µø¾¢¶ù�ÔlÈ,®nopq_8�¯»´�./01-`_ K%WU�UT7QH%]��÷°q²´µp¶'

ûü_z`Z_É÷,+¯Ãçµø¾¢_¬&'°³²³ä¾¢¶'

! .�QNKH%T''! ï��ñUJïGM�JT''! ï��ñUJïT''! ï��HHTNK%LT''! ï��Q�#$UT''! ��KN�HJ�"NKïKuU''

ûü_¹Æ,2-z`¯üf¢«�{|-+�¯n"#µø¾¢¶'

! K%WU�ñMJU�WT'l'�$NH''! ï��Uï��'l'·''! ïUïHHH#��'l'�$NH''! ï��tHN!"�%!UQT'l'rrrC888''! ï��tHNPW#U!UQT'l'8''! ï��tHN�$Q&UNT'l'F''! e$�J�%NK%UH�TN!UQT'l'rrrC8888''! e$�J�%NK%U�$N$JU!UQT'l'>·?>888''

Ñ�()�zh*Gï�K% ³òIn¯»ûü_�{|-+��Ù°¾¢¶'

! ï��tHN�$Q&UNT'l'F8''! ï��tHNPW#U!UQT'l'AC688''! ï��Uï��'l'>8''

T�VUWTU�JQMUT7QH%]'

� Ã»{|,dÛÜ¯Å�n³ä»�{|-+_¹Æ,2-<w0,*c,+ðmz+µø»é,ç,z`ð��µø«]kn[ä 678 ¡_Î!k7Ôq�-nBC°¾¢¶'

! searchz`ð.hÆG�mTNJK%LTë�I��íî¯»disabled'l'F ð*®)Án#��ø¾¢¶''! z`ð»ôviewstate7ô��é«l()_w0,*c,+FïW�TM �ËÙ¢«íî¯»^_l()¯

40

�È)+1ö+µø¾¢¶'! *®)ÁðÚ$TUJKWÚ'©[L�¾�¯'ÚJH#UÚ'z`��íî¯»;ó¢«ïUN�W�N�'H�%UJ�RG� ð"#µø¾¢¶'

TUJVUJ7QH%]'

� Ã»ûü_z`ð T"#$%&W7�ï# �� TUJVUJ7QH%]Zk��µø¾¢¶'

! ïK%�JUU�N''! "H##K%L�JUe$U%QI''! TUJVUJ¨�ïU''

É,2,%¤»g,{S(-»Ô*�,�nB°qûü_z`ð?{ª�ø¾¢¶'

! &UIT]K#U ¯»TT#&UIT]K#U nöxà��ø«'! &UIT]K#U"�TT�HJW ¯»TT#&UIT]K#UH�TT�HJW nöxà��ø«''

�K%WH�TÛÙ_QH%]{S(-'

� Ã»�K%WH�TÛÙ_{S(-GJULïH%M]K#NUJT7QH%]O'TITïH%7QH%]O'�%W'�ïK7QH%]I©[L��-� ;�¡Qv5%tu(v�i�K%WH�T'1yèa,b4)1,gchijZk!{h¢DEF

úåµø«QH%]{S(-'

� Ã»ûü_ QH%]{S(-ðúåµø¾¢¶'

typedefs.conf

searchdata.conf

§¨P� n©ª«!"'

§¨P�n©ª«!"'

678 ¡Z_� =n¯»ÊË{S(-ð¿%µø=¿µø¾¢¶� y�w0,À,c�èc��Â °qÂ£n¿%©[L� ¢«En=¿µø«`aðZ[¬x¾¢¶^_£»*hèy+ð°Ü¢«=¿��{S(-ðûünÍxÒ¾ø¾¢¶'

$SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

� _En'

� ¢«En»� nù¢«¤¥=,�Û¢°»!"#$%& _ÊË»�,®»2(çè,��¢$q_{S(-�2zh1zy¢«]k�Ý²©Ák°¾¢¶!"#$%& ¬¯»E_2,34)nõö)¹�,�¢«Àï�°±°¾��¶o¾ä»Â !"#$%& èè,*ZH°�píî¯»£()*+,-°�Àïð*ä¾��¶'

' '

41

� _lÀ'

F7 $SPLUNK_HOME/bin/splunk stop�.)��Â °¾¢¶'>7 3X_ !"#$%& Ôza,3�3X_ !"#$%& �yÆ(È)+Z()*+,-°¾¢¶'

ñRS {S(-��Ù¢«íî¯»3X_ !"#$%& ()*®)*kyð��h+èZ^ø�ab°q²´µp¶]øn[ä�Þ¢«{S(-�ºÍx°öxà�¾¢ð»ÿ�_{S(-¯úåµø¾��¶'

SH�³ò_Ôza,3.Õ,3j,��Ù¢«íî'

rpm -U splunk_package_name.rpm

97 $SPLUNK_HOME/bin/splunk start�.)��Â °¾¢¶'

ûü_jáð©ªµø¾¢¶'

This appears to be an upgrade of Splunk. -------------------------------------------------------------------------------- Splunk has detected an older version of Splunk installed on this machine. To finish upgrading to the new version, Splunk's installer will automatically update and alter your current configuration files. Deprecated configuration files will be renamed with a .deprecated extension.

You can choose to preview the changes that will be made to your configuration files before proceeding with the migration and upgrade:

If you want to migrate and upgrade without previewing the changes that will be made to your existing configuration files, choose 'y'.

If you want to see what changes will be made before you proceed with the upgrade, choose 'n'.

Perform migration and upgrade without previewing configuration changes? [y/n]

67 � y�w0,*hèy+�Â °q3X_ÊË{S(-n=¿µø«à�Z[¢«»¾�¯� ©[L1zy¹�,��Â ¢«_}~ð¬x¾¢¶'·7 =¿à_Z[� \íî¯»*hèy+¬�0ð©ªµø¾¢¶'6. =¿à�Z[°»� ©[L1zy¹�,��Âf¢«^_ð¬x��»£L'$SPLUNK_HOME/bin/splunk start�Â °¾¢¶

p¥5'*czy 9�� ·¾¬� F ¬üf¬x¾¢¶'

1zy¹�,��Âf¢«Enl(m)*_y¥k=¿à�Z[¢«G��Ú%ÚIíî'

$SPLUNK_HOME/bin/splunk start --accept-license --answer-no

=¿à�Z[�YG��ÚIÚIn²l()m)*ny¥°q1zy¹�,��èé¢«íî'

$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

�K%WH�T n©ª«!"'

�K%WH�Tn©ª«!"'

� ¢«k»ÊË{S(-¯1zy¹�,�©[L=¿ð õø»%°p&'�É÷,+°¾¢¶� y�w0,À,c�èc��Â °q»Â£n1zy¹�,�©[L� ¢«En=¿à�Z[¢«]kð¬

42

x¾¢¶^_£»*hèy+ð°Ü¢«=¿��{S(-ðûünÍxÒ¾ø¾¢¶'

$SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

� _En'

! +678 ¡Z1zy¹�,�¢«£_¤¥¦-_� nù¢«p¥=,�Z[°q²´µp¶'! !"#$%& _ÊË»�,®»2(çè,��¢$q_{S(-�2zh1zy°¾¢¶'! �K%WH�T _*®,+È/0,éyb4)¾�¯$SPLUNK_HOME/bin/splunk stop�.)��Â °q !"#$%& �æç°¾¢¶'

! ¿%Ã¯ !"#$%& �Â ¢«À,Á,�=¿¢«]kð¬x¾��_¬(p¥²´µp¶�K%WH�T_É,w*�)+Æ,-ÔÕ-¬/À,Á,¯=¿°³p¬²´µp¶=¿¢«k»!"#$%& _&'ðæç°¾¢¶À,Á,�=�«Òeð*«íî¯»!"#$%& �1)()*+,-°q��£()*+,-¢«Òeð*ä¾¢¶'

! �K%WH�T'R"" ¯»678 �� 6787> ¡n©pq�{|-+¬��¬¢¶67879 ¡��¯»�.)�l()��!P ()*+,-yÆm*�g°qúßn��n°³pÔä�{|-+¬¯Å�¬¢¶'

ÑúÍ_1zy¹�,�'

F7 !"#$%& õö)Æ,�2,3¬%' �!P {S(-�õö)Æ,�°¾¢¶'>7 �!P {S(-�õ\-hèzh°¾¢¶'

DEF6ð©ªµø¾¢¶F6º_/ªn~�q !"#$%& �1zy¹�,�°¾¢¶'

�F6nù¢«8�¯»()*+,-./01-��÷°q²´µp¶'

()*+,-_øEn»]1zy¹�,�¬=¿µø«à�y�w0,¬x«éyb4)ð©ªµø¾¢¶'

97 ÒenCðq1zy¹�,�©[L� à�y�w0,°q²´µp¶'

ûü_cg*+ð©ªµø¾¢¶'

This appears to be an upgrade of Splunk. -------------------------------------------------------------------------------- Splunk has detected an older version of Splunk installed on this machine. To finish upgrading to the new version, Splunk's installer will automatically update and alter your current configuration files. Deprecated configuration files will be renamed with a .deprecated extension.

You can choose to preview the changes that will be made to your configuration files before proceeding with the migration and upgrade:

If you want to migrate and upgrade without previewing the changes that will be made to your existing configuration files, choose 'y'.

If you want to see what changes will be made before you proceed with the upgrade, choose 'n'.

Perform migration and upgrade without previewing configuration changes? [y/n]

67 � y�w0,*hèy+�Â °q3X_ÊË{S(-¬=¿µø«à�Z[¢«»¾�¯� ©[L1zy¹�,��Â ¢«�_}~ð¬x¾¢¶'·7 =¿à_Z[G¨�}~I� \k»*hèy+ð�0�©ª°¾¢¶'

43

*hÆ,-1zy°q=¿�Z[¢«¾�¯$SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>¬ó«]kð¬x¾¢¶è*+_1!nVl,Èzm,3ð©ø¾¢ð»ÅP°q²´µp¶'

C7 ^%NUJ �U°q»*czy 9ZH«»¾�¯ p�àá°q¿%�[C°¾¢¶'

�e5'� ¾�¯1zy¹�,�¢«£¯»!"#$%& �Â ¢«À,Á,�ÒY£/Ë°q²´µp¶]_ÎÏ¯»èè,*ðÂb¢«à)»Q�un|áµø¾��¶'

!"#$%&_��'

�K%WH�T _íî»!"#$%& ¯�{|-+¬rProgram Files\SplunkZ()*+,-µø¾¢¶'

�K%WH�T É,w*.Õ,3j,��Y_ !"#$%& yÆm*��æç¬x¾¢¶''

! !"#$%& É,2�,q)5'splunkd''! �UN()®,{;,*5'splunkweb'

µ�n»\Program Files\Splunk\binnûü�àá¢«k»¼½n�yÆm*��»æç»£��°¾¢¶'

# splunk.exe [start|stop|restart]

p¥5''!"#$%& É,w*_èé�}~°³pk»v�*®,+1zynÊËµø»£��_!*®,+°³²³ä¾¢¶ÒY�K%WH�T'!UJVKQU'��%�LUJ'��G��èé°»\,+=_£nQ�un*®,+�ØÙ¢«íî¯ auto-start�ÊË°q²´µp¶'

�e5'1zy¹�,�_!»!"#$%& ¯»p²o�_{S(-�2(çè,k°q@�qýþék«]kð*ä¾¢¶ô,**®)Ánûü_l()�#�«k»props7conf`_�:�ºÍx¬x¾¢¶''

NO_BINARY_CHECK = true

!"#$%&'67� nv�¬� ¢«v'

!"#$%&'67�nv�¬� ¢«v'

]_+Azh¯»!"#$%&'97�'�v�¬ 67�'2,34)n� ¢«v�Ñú°¾¢¶ék«En»ÒYÌÍ_+678 ¡Z1zy¹�,�¢«£_¤¥¦-�©ýþ²´µp¶'

97�'¡�yÆ(È)+�J*®.(�°qp³píî¯»�KLJ�NU'H%'�K%WH�T ¾�¯�KLJ�NU'H%'§¨P� k�±ø«Q�+()y�,*� yÆm*�DÙ¬x«íîð*ä¾¢¶Ûn WU"#HIïU%N7QH%]�J*®.(�°qp³píî¯»Q�� yÆm*��«¤'`ð*ä¾¢¶'

'J*®dÊË_p²o�¯�²� µø³p�k»%°p !"#$%& _{�,d�,h`n£ ±µø³ªø±³ä¾��¶µ�n8°pÎÏ¯»]_+Azh_+� µø³p1(cd-©[LÌÍ_+678 ¡n1zy¹�,�¢«£_¤¥¦-��÷°q²´µp¶'

' '

44

v�� yÆm*_�e'

v�g:¬¯»3X�yÆ(È)+_2zh1zy�A,�:;°»97� k¯½_Ô*¬ !"#$%&'67� �()*+,-°»^_!»97� �yÆ(È)+��,®êÊË{S(-�� °¾¢¶]_g:¯»õö)®(d�1rÔná�«]k�Àân�Á()µøqp¾¢¶'

]_g:n¯�ã_p¥ðÒe¬¢¶!"#$%&'67� ¯ 97� 2,34)k¯«°²Ä³«�k»Õ²_ÊË{S(-¯ãØn�A,¬x¾��¶!"#$%& ¯]ø�_{S(-_�)c)É��=à©[L� ¢«�k_*hèy+�°±°»ZÂn 67� ¡¬Å°²&'¢«[\Z[°qp¾¢¶'

g:¢«En]_+Azh�$�©ýþ²´µp¶^\¢ø±»g:n[«äå��Ð°»^ønn°�®Fð �¾¢¶'

� µø³p1(cd'

Ef_k©ä»!"#$%&'67� ¯»Â2,34)k«°²Ä³ä¾¢¶3X�yÆ(È)+_��¯� µø³p�k»£ ±¢«Òeð*ä¾¢¶'

!"#$%&'�UN©ª_J*®.(�'

!"#$%&'�UNnopq*�Ç«/_ð£ ±µø»%�n�;µø¾°�¶^_«¬»!"#$%&'�UN ©ªnÁ�µ��J*®.(È,b4)_¢$q�� ¢«]kð¬x³²³ä¾°�¶o¾ä»67� 1,gchij©[LÉ,-�Ùpq£ ±¢«Òeð*ä¾¢¶ûü¯^_è*+¬¢¶'

! {|,dÛÜ''! {�,-�1hb4)G]KU#W.�QNKH%T7QH%]I''! õzb0Ý,�'M'£ ±_Àïnopq_Ñú¯]]��(0n³ø¾¢¶' ' '! §P yè{S�)*G"JU]T7QH%]I''! WX5þÛÜ_�÷,+ij,+kc,\-yè{S�)*''! §P *+è)¹Z=¿G#KNUJ�#T7QH%]I''! 97�'R""T'M'£:æ_}(õ)*¯��ëÆzÔç./01-_+Azh�(0²´µp¶'

�yÆ(È)+É,2,k{|�,õnù¢«¤¥¦'

! !"#$%& �yÆ(È)+É,2,��Ù¢«íî¯»� ð¬x³p�k»67�'¬%°p�yÆ(È

)+É,2,_1,gchij�£ ±¢«Òeð*ä¾¢¶97�'¬ deployment7conf�=¿°qp«íî»^ø�'67�'n�A,°q¯pª¾��¶½_í>nWX°q»%°p�yÆ(È)+É,2,_ÊË_ë,*k°q©�p²´µp¶'

! {|�,õ��yÆ(È)+°�íî¯»67�'Z_� �è��q»97�'_{|�,õ�'67�'¬&'¢«[\n¬x¾¢¶]ø¯»Ñ�_{|�,õ�yÆ(È)+� \£n�D¬¢ 67� n{|�,õ�� ¢«En%°p�yÆ(È)+�É,2,��){��0�,b4)nÐø«¾¬_©=Ë�áo]kð¬x¾¢¶'

! 2,34) 67� {|�,õ¯»2,34) 97� �yÆ(È)+É,2,¬¯&'°¾��¶''

45

� �èé¢«En'

!"#$%& �,®©[LÊË{S(-�� ¢«En»97� _2zh1zy�A,�:;°¾¢¶/�k/âã³Àï¯»!"#$%&'G�P'WK�L À,c�èc��Â °»¢$q_()*+,-��´}~G7N�JI{S(-�:;°¾¢¶Â ¢«n¯»�!H�§¨�.t��^�NK% ��ûü�àá°¾¢¶'

§¨P� _íî'

./splunk diag

�K%WH�T _íî'

splunk diag

�Ùij¬ WK�L _Â ðéê³íî¯»cmd�.)��Ùpqøù "INMH% *hèy+�Â °¾¢¶'

./splunk cmd python /opt/splunk/lib/python2.5/site-packages/splunk/clilib/info_gather.py

]øn[ä»splunk-diag.tar.gz|zipð:;µø»97� _�yÆ(È)+_2zh1zyk°q|áµø¾¢¶'

]øð[C°��»ÌÍ_vn~�q»97� ð()*+,-µøqp«í>k¯Ä³«ylz+{|,dn 678 2,34)�()*+,-°¾¢¶�´°»¢�n¯��°³p¬²´µp¶'

67�'!"#$%& ()*®)*¯°±�²��°³p¬²´µp¶'

v�n[«� �Òek°³pÊË{S(-_()÷,+'

97� ¡�yÆ(È)+_��_ÊË{S(-¯� ¢«Òe³²»%°p 67� ¡()*+,-Zk�A,µø¾¢¶'

]ø�_{S(-�$SPLUNK_HOME/etc/system/local��KLymZ»µ�n custom config��h+è��A,¢«]k�ëø³p¬²´µp¶/defaultn¯�A,°³p¬²´µp¶'

! deployment.conf�å²¢$q_ÊË{S(-��A,°¾¢¶'! %°p 67�'!"#$%& ()*®)*n�k« inputs.conf_�A,�TU°q»¢$q_àá�

disabled=truenÊË°¾¢¶'

À,Á,kÔ*�,�ÎÏ_()÷,+'

]_=¦¬»�û��À,Á,�,®»Ô*�,�»[MÎÏ�»¼¬x¾¢¶'

! �$NMU%NKQ�NKH%7QH%]''! �$NMHJKuU7QH%]''! T"#$%&7TUQJUN''! "�TT�W']K#U''

67�'!"#$%& ()*®)*¯°±�²��°³p¬²´µp¶'

46

!"#$%&()�zh*�,®_� '

]_mhb4)¯»%°²()*+,-µø� 67�'�ÊË°q3X_ !"#$%& ()�zh*�,®�ýþÒ�ÀïpopqÑú°¾¢¶Â�,®¯£()�zh*µø³pÔäG�ìnéyb4)kµøqp³pI»íp�,®�ÛÜ°q/'67�'ÑÅ³`'12�æî¬x³píîð*ä¾¢¶�´°»67� 2,34)Z� !n()�zh*°��,®¯¢$q»`'12�É÷,+°qp¾¢¶'

ïäð°¾¢ð»õö)®(dê�,®¾V�1�ná�«�kn�ã_p¥�ñ�q/ªn~�qò´µp¶ó¯Ñ=¬¢ô¾�»õn�ß°q�*czy�Â ¢«^_�°q²´µp¶3X_ !"#$%& �yÆ(È)+¬îMHNî()�zh*�,®��h+è�î��JïîZk�yÆ(È)+°��»ö]²Y_*czynGþ»õö)®ö)®(d�1�Ôná�»%°²()*+,-°� 67� ¡ !"#$%& ¬()�zh*�ékq²´µp¶'

!"#$%&'GHïï$%KNI'�K&K n?@µøqp«+2zh1zy_ë*+ylhc�*-��°»îMHNî©[Lî��Jïî()�zh*��h+ènopq�Ð�÷kq²´µp¶'

F7 67�'�()*+,-°�-,+��h+è¬»T"#$%&M#�$%QM7QH%]�TU°»!H�§¨�.��qð97� �yÆ(È)+_()�zh*�,®��h+è�ª¢[\n°¾¢¶�{|-+¬»]_q¯/opt/splunk/var/lib/splunk¬¢ð»97� ¬�yÆ(È)+_ T"#$%&M#�$%QM7QH%]�Z[°q»Å°pÔ*¬*«�Z[°q²´µp¶'>7 Yn»97�'�yÆ(È)+¬»G�P ��q MHN ()�zh*�,®��h+è_¢$q_�,®Æ,c,b4)��Jï��h+ènÝâ°¾¢¶]ø� \n¯»�û�àá°¾¢¶'

! ./splunk search '| oldsearch !++cmd++::roll' -auth splunk

" ø!n+tHN'WNð��JïZ� °��k»ÛÜÂ nVW°¾°�¶-kp\Vl,ð©ªµø¾¢ð»ÅP°q²´µp¶¾�»]_G�P �.)��Â ¢«n¯´�Ô*�,�ðÒe¬¢¶'

" ûüÍxÒþÃ_¼_()�zh*�Æ,c,b4)¢«íî¯»�û��Ù°¾¢¶''" ./splunk search ' | oldsearch index=<INDEX_NAME> !++cmd++::roll' -

auth admin:<ADMIN_PASSWORD>

97 ¢$q_()�zh*�ìMHNî��î��JïînÆ,c,b4)¢«k»ø!n 97� �yÆ(È)+ðbjz+õö)µø»67� _()*+,-ðéä¾¢¶67� ��¢«k»�A,°��_ÊË{S(-¯»Q�� yÆm*��òä¾¢¶!"#$%& ¯»�kq 67� �*®,+¢«kx_]_yÆm*nù¢«ÎÏ�©ª°¾¢¶'67 ¤'³Ôäê�n»%'()*+,-°� 67� nÆ¹()°»ZÂn'97� ()�zh*n*«�,®�ÛÜ°q»¢$q_� v�ÛM°¾¢¶%'_�yÆ(È)+ðÛÜ�Â °»97� ()�zh*_�,®�ÛÜ¬x«]k�Z[°¾¢¶ÛMnVW°�íî¯»+l\-b0,c�)¹� \En»¼½n 97� �yÆ(È)+�£��°q²´µp¶'·7 67� �yÆ(È)+ð 97� ()�zh*�,®�ÛÜ¬x«]kðÛM¬x��»¼½n K%"$NT7QH%]�TU°q»àán'disabled=false'�ÊË°»67�'!"#$%& �yÆ(È)+�£��°q��n°¾¢¶^_�,®ð%'�yÆ(È)+nä�ø\]k�Z[°¾¢¶'

]ø¬»%°p 67�'!"#$%& �yÆ(È)+_�Ù^_ð`p¾°�¶'

47

��ÛÜ_�Ù'

��ÛÜ�ÊË¢«íî¯»ÒY%°pg,�¢$q_ÛÜA1nøù°q»67� nq��ÛÜ��Ù°¾¢¶]_g,¯»��ÛÜð��_íîn»*®,+1zy_=¦¬:;µø¾¢¶'

g,¯»$SPLUNK_HOME/etc/auth/distServerKeys/n:;µø¾¢¶$SPLUNK_HOME/etc/auth/distServerKeys/trusted.pemk private.pem{S(-�úko_�*+��ÛÜA1_�ìnøù°¾¢¶'

48

678 �¸��_1zy¹�,�'

�K%WH�T º_ !"#$%& _1zy¹�,�'

�K%WH�Tº_!"#$%&_1zy¹�,�'

]_+Azh¯»�K%WH�T'!"#$%& ()*®)*�2,34) 67� ��1%2,34)n1zy¹�,�¢«v�Ñú°¾¢¶s§P ()*+,l,�ØÙ°q»¾�¯+�.)�l()¥¦_�K%WH�T Z_()*+,--_Ñún~�q�.)�l()¬ïTKU�UQ �Â °q1zy¹�,�¬x¾¢¶'

p¥5''678 �� 6787> _2,34)¬¯»�K%WH�T'R"" ¯»�""7QH%]{S(-¬�{|-+¬��nÊËµøqp¾°�¶67879 ¡��»]_{S(-¬�{|-+¬Å�nÊËµøqp¾¢¶�û_�eÎÏ�©ýþ²´µp¶'

" 678 �� 6787> _2,34)� 67879 �¸_2,34)n1zy¹�,�¢«k»�K%WH�T'R"" ¯¿%E��/Å�n°¾¢¶'

" 67879 �¸_2,34)�%'n()*+,-¢«k»�K%WH�T'R"" ¯�{|-+¬�!P¥¦¬��nÊËµø¾¢¶Å�¬()*+,-¢«íî¯»!H�§¨�.RHH'ïTKU�UQ �.)��Ù°q+�.)�l()��K%WH�T Z_()*+,--'_Ñún~�q/Ë°¾¢¶'

¿%_En'

�e5'1zy¹�,�¢«£¯»ÒY��()*+,-¬/Ë°�À,Á,kyð�È()À,Á,�/Ë°q²´µp¶yðÀ,Á,�/Ë°³pk»!"#$%& ¯Æ,J-b*cdÀ,Á,��{|-+n°¾¢¶()*+,-_£n@��À,Á,�/Ë°q°¾��íî¯»!"#$%& ��¢«EnÌÍ_/ªn~�qÅ°pÀ,Á,nÄÅ°q²´µp¶'

�e5'1zy¹�,�¢«En»!"#$%& _ÊË»�,®»2(çè,��¢$q_{S(-�2zh1zy¢«]k�Ý²©Ák°¾¢¶!"#$%& ¯»E_2,34)nõö)¹�,�¢«Àï�°±°¾��¶o¾ä»Â !"#$%& èè,*ZH°�píî¯»£()*+,-°�Àïð*ä¾��¶'

s§P()*+,l��1zy¹�,�'

F7 �K%WH�T _*®,+È/0,�éyb4)¾�¯$SPLUNK_HOME/bin/splunk stop�.)��Â °q !"#$%& �æç°¾¢¶'>7 !"#$%& õö)Æ,�2,3��%°p�!P �õö)Æ,�°¾¢¶'97 �!P {S(-�õ\-hèzh°¾¢¶DEF6ð©ªµø¾¢¶F6º_/ªn~p»!"#$%& �1zy¹�,�°¾¢¶�F6nù¢«8�¯»()*+,-ÑúÍ��÷°q²´µp¶'67 ()*+,-ðBC¢«k»�{|-+¬ !"#$%& ð��µø¾¢¶'

1zy¹�,�Ã_ÊË{S(-nB¢«=¿Æ¹¯�ñ^�H�nWXµø¾¢¶'

49

�.)�l()��1zy¹�,�'

F7 �K%WH�T _*®,+È/0,�éyb4)¾�¯$SPLUNK_HOME/bin/splunk stop�.)��Â °q !"#$%& �æç°¾¢¶'>7 !"#$%& õö)Æ,�2,3��%°p�!P �õö)Æ,�°¾¢¶'97 +�.)�l()¥¦¬�K%WH�T n()*+,--_vn~p¾¢¶!"#$%& �Æ,J-b*cdÀ,Á,�R¬Â ¢«íî¯»ÒY�.)�l()n]_À,Á,�/Ë°q²´µp¶]_=¦¬÷,+G!H�§¨��.H�Sñ'©[L'�^�.H�SñI�=¿¬x¾¢¶¾�»�R§¨Gt!H�§¨�éyb4)��qBC=n !"#$%& �Q�un*®,+¢«�ò\�_/Ëð¬x¾¢¶¼_ÊË¯=¿¬x¾��¶7'67 .b)_lmn[ä»()*+,-BC=n !"#$%& �Q�un��¢«íîð*ä¾¢¶'

1zy¹�,�Ã_ÊË{S(-nB¢«=¿Æ¹¯�ñ^�H�nWXµø¾¢¶'

!"#$%&_��'

�K%WH�T _íî»!"#$%& ¯�{|-+n[ä\Program Files\Splunkn()*+,-µøq��µø¾¢¶'

�K%WH�T É,w*.Õ,3j,¬Y_ !"#$%& yÆm*��©[Læç¬x¾¢¶'

" É,2,yÆm*5'splunkd''" �UN()®,{;,*yÆm*5'splunkweb'

µ�n»\Program Files\Splunk\binn�û�àá¢«k»�)n�yÆm*��»æç»£��°¾¢¶'

# splunk [start|stop|restart]

�K%$�»!H#�JKT»�JUU�!�»RP�»��Q�!º_ !"#$%& _1zy¹�,�'

�K%$�»!H#�JKT»�JUU�!�»RP�»��Q�!º_!"#$%&_1zy¹�,�'

]_+Azh¯»2,34) 67�'��^ø�¸_2,34)n !"#$%& ()*®)*�1zy¹�,�¢«�k_v�üf°¾¢¶''

1zy¹�,�_°²þ'

1zy¹�,�¢«kx»ÊË{S(-¯»%°p2,34)_()*+,-�Â °�!¬ !"#$%& ��¢«¾¬=¿µø¾��¶^_=¦¬»� y�w0,À,c�èc��Â °q»{S(-ð¿%µø«En=¿`a�ó«]kð¬x¾¢¶ß ¢«En=¿`a�Z[¢«k»1zy¹�,�*hèy+ðÁk«=¿��{S(-ð$SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>nÍxÒ¾ø¾¢¶'

�e5'¿%¢«En»!"#$%& _ÊË»�,®»2(çè,��¢$q_{S(-�2zh1zy¢«]k�Ý²©Ák°¾¢¶!"#$%& ¯»E_2,34)nõö)¹�,�¢«Àï�°±°¾��¶o¾ä»Â

50

!"#$%& èè,*ZH°�píî¯»£()*+,-°�Àïð*ä¾��¶'

1zy¹�,�_v'

F7 $SPLUNK_HOME/bin/splunk stop�.)��Â °¾¢¶'>7 2,34) 678'�¸��1zy¹�,�©[L� ¢«íî¯»!"#$%& Ôza,3�3X_ !"#$%&�yÆ(È)+n()*+,-°¾¢¶'

" 7N�J {S(-��Ù¢«íî¯»3X_ !"#$%& ()*®)*kyð��h+èZ^ø�ab°¾¢¶]øn[ä�Þ¢«{S(-�ºÍx°qöxà�¾¢ð»ÿ�_{S(-¯úåµø¾��¶'

" SH�³ò_Ôza,3.Õ,3j,��Ù¢«£¯»ûü�àá°q²´µp¶rpm -U splunk_package_name.rpm

" 7WïL']K#U'G��Q�!ºI��Ù¢«íî¯»^ø�õ\-hèzh°q/ªn~p¾¢¶ÒY»3X¢«()*+,-kyð()*+,-��h+è�/Ë°q²´µp¶'

97 $SPLUNK_HOME/bin/splunk start�.)��Â °¾¢¶'

ûü_jáð©ªµø¾¢¶'

This appears to be an upgrade of Splunk. -------------------------------------------------------------------------------- Splunk has detected an older version of Splunk installed on this machine. To finish upgrading to the new version, Splunk's installer will automatically update and alter your current configuration files. Deprecated configuration files will be renamed with a .deprecated extension. You can choose to preview the changes that will be made to your configuration files before proceeding with the migration and upgrade: If you want to migrate and upgrade without previewing the changes that will be made to your existing configuration files, choose 'y'. If you want to see what changes will be made before you proceed with the upgrade, choose 'n'. Perform migration and upgrade without previewing configuration changes? [y/n]

67 � y�w0,*hèy+�Â °q3X_ÊË{S(-¬=¿µø«à�ó«»¾�¯� ©[L¿%�¼½nÂ ¢«��}~°¾¢¶'·7 =¿à�ó«�}~¢«k»*hèy+ð�0�©ª°¾¢¶'C7 =¿à�Z[°q»� ©[L¿%_^_ð`��»£L'$SPLUNK_HOME/bin/splunk start�Â °¾¢¶'

p¥5'*czy 9�� ·¾¬� F ¬üf¬x¾¢¶'

1zy¹�,��Âf¢«Enl(m)*ny¥G��Ú%ÚI°q=¿ÎË�©ª¢«íî'

$SPLUNK_HOME/bin/splunk start --accept-license --answer-no

=¿à�©ª�YG��ÚIÚInl()m)*ny¥°q1zy¹�,��èé¢«íî'

$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

51

^_¼_®*h'

!"#$%& �½_¾�¯¿-,+À,Á,��Â '

!"#$%&�½_¾�¯¿-,+À,Á,��Â '

Æ,J-b*cd_À,Á,¬� !"#$%& �Â °¾¢¶!"#$%& �¿-,+À,Á,¬Â ¢«íî¯»!"#$%& n�û_nÞ³7Ôð*«�Z[°q²´µp¶'

! ûü¢«[\ÊË°�{S(-©[Lý��h+è�ýþÒþ¾¢¶Æ¹{S(-ê��h+è_��¯-,+¾�¯*,Ô,À,Á,1hm*�()�zh*¢«Òeð*«]kð*ä¾¢¶'

! Q�Ù_1l,+©[L*hèy+àá� !"#$%& _��h+ènÍxÒþ»Â °¾¢¶'! èz*)¢«Õz+�,h÷,+GF8>6 �û_÷,+¯»-,+ÛÙ_Î_÷,+I�2()�°¾¢¶'

p¥5'F8>6 �û_÷,+¯-,+1hm*_þnÎþµøqp«�k»-,+¬Â ¢«íî»!"#$%& ¯÷,+ ·F6GTIT#HL _�{|-+èz*)÷,+I_þ�èz*)°¾¢¶�´°»nõän½_À,c�èc�GTIT#HLM%L ³òI�()*+,-°q»TIT#HL �,®�{S(-nÍxÒþ»!"#$%& ¬^_{S(-�OP¢«]kð¤'¬¢¶'

v'

¿-,+À,Á,k°q !"#$%& �Â ¢«n¯»�kn !"#$%& � rootk°q()*+,-¢«Òeð*ä¾¢¶^_!»�kq !"#$%& �èé¢«En»splunk��h+è_>�7�ØÙ¢«À,Á,n=¿°¾¢¶ûü¯ !"#$%& _()*+,-k¿-,+À,Á,splunkk°q_Â nù¢«Ñú¬¢¶'

F7 splunk�À,Á,©[L¹-,y¬:;¢«¶'

�K%$�»!H#�JKT»�JUU�!�_íî'

useradd splunk groupadd splunk

��Q'�! _íî'

b*cdÊË'ë'1Jö)+'F6�èpq»À,Á,k¹-,y�"#°¾¢¶'

>7 root k°q»µ�nÔza,3G®,Ý,-�å²I_úko�Ùpq»()*+,-�Â °¾¢¶'

�e5'!"#$%& ¯¾´��°³p¬²´µp¶'

97 chown�.)��q»splunk��h+èk^ønz¢«¢$q_>�7�ØÙ_À,Á,n=¿°¾¢¶'

chown -R splunk $SPLUNK_HOME/

p¥5'$SPLUNK_HOME¯!"#$%& _()*+,-��h+è��°¾¢¶'

52

67 !"#$%& ��°¾¢¶'


¾�»½_À,Á,¬Æ¹()°³ð�»!"#$%& � splunkÀ,Á,¬��¢«íî¯»sudo�.)��Ù°¾¢¶'

sudo -H -u splunk $SPLUNK_HOME/bin/splunk start

]_>_�.)�¯ûü�E°k°¾¢¶'

! !"#$%& ð½_Æa,b4)n()*+,-µø�íî¯»^øn~�q�.)�`_Ô*�¿%°¾¢¶''

! �Ùb*cdn¯ sudoð()*+,-µøqp¾��¶]_íî¯»su��Ù°¾¢¶'! ®,Ý,-��q()*+,-°»!"#$%& �*«ÛË_À,Á,Gsplunk³òI¬Â ¢«íî¯»À,Á,�v�¬:;¢«Òeð*ä¾¢¶''

! splunkÀ,Á,¯-.Mú�b;¢«�kn tp /dev/urandomZ_1hm*ðÒe¬¢¶''

!H#�JKT'F8_Û7'

splunkÀ,Á,¬ !H#�JKT'F8 Z()*+,-¢«íî¯»ÒY"#7Ô�ÊË°q splunkd��°Î_÷,+�«î°³ªø±³ä¾��¶'

!H#�JKT'F8 º¬ splunkÀ,Á,k°q splunkd��°Â ¢«íî'

# usermod -K defaultpriv=basic,net_privaddr,proc_exec,proc_fork splunk

splunkÀ,Á,n !H#�JKT'F8 º_Î_÷,+Z«î¢«]k�%¤°Â G-,+k°qI¢«íî'

# usermod -K defaultpriv=basic,net_privaddr splunk

!"#$%& _1)()*+,-'

!"#$%&_1)()*+,-'

1)()*+,-¢«En»!"#$%& �æç°¾¢¶$SPLUNK_HOME/binn��°»./splunk stop�àá°¾¢G�K%WH�T _íî¯ splunk stop_þI¶'

Æ,J-Ôza,3´��.)��DÙ°q»!"#$%& �1)()*+,-°¾¢¶�k�ò_íî»Ôza,3n[�q1�n()*+,-µø³��{S(-¯|áµø¾¢¶]ø�_{S(-n¯()*+,-��h+èn*«�){��0�,b4)ê()�zh*{S(-��þ¾¢¶'

p¥5'$SPLUNK_HOME¯»!"#$%& ()*+,-��h+è¬¢¶�K%WH�T º¬¯�{|-+¬»G5rHJHLJ�ï'�K#UTr!"#$%& k³ä¾¢¶§%K� ylz+{|,d_�k�ò_íî»�{|-+()*+,-��h+è¯/opt/splunk¬»��Q'�! _íî¯»/Applications/splunk¬¢¶'

SUWt�N'�K%$�'

SUWt�N ¬ !"#$%& �1)()*+,-¢«íî'

53

rpm -e splunk_product_name

�UNK�%'�K%$�''

�UNK�% ¬ !"#$%& �1)()*+,-íî'

dpkg -r splunk

�UNK�% º¬G�){��0�,b4){S(-��q�úåI'��¢«íî'

dpkg -P splunk

�JUU�!�'

�JUU�!� º_�{|-+Æa,b4)�� !"#$%& �1)()*+,-¢«íî'

pkg_delete splunk

�JUU�!� º_½_Æa,b4)�� !"#$%& �1)()*+,-¢«íî'

pkg_delete -p /usr/splunk splunk

!H#�JKT'

!H#�JKT º�� !"#$%& �1)()*+,-¢«íî'

pkgrm splunk

�K%WH�T'

�K%WH�T º�� !"#$%& �1)()*+,-¢«íî'

�)+Æ,-ÔÕ-_yÆ¹ld_"#kúåéyb4)��Ù°¾¢¶'

v�n[«!"#$%&_1)()*+,-'

Ôza,3´��.)��DÙ¬x³píî¯»�û_/ªn~�q !"#$%& �1)()*+,-°¾¢¶'

p¥5'�û_/ª¯»:;µø�¢$q_ K%KN *hèy+�úå°¾��¶''

F7 !"#$%& �æç°¾¢¶'

$SPLUNK_HOME/bin/splunk stop

>7 ?EnôT"#$%&ôð�¾ø«po¾¬/��³pyÆm*�Âó°»&K##'GúåI°¾¢¶'

'�K%$�'©[L'!H#�JKT _íî''

kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`

�JUU�!�'©[L'��Q'�! _íî'

kill -9 `ps ax | grep splunk | grep -v grep | awk '{print $1;}'`

97 !"#$%& ()*+,-��h+è_$SPLUNK_HOME7'�HJ'U��ï"#U �úå°¾¢¶'

' '

54

> '

rm -rf /opt/splunk

p¥5'��Q'�! _íî»þ�ÿn{|-õ��lz¹°q/()*+,-��h+è�úå¬x¾¢¶''

97 Xü¢«íî»1º��h+è�R_ !"#$%& _�,®*+1¾�¯()�zh*�úå°¾¢¶'

rm -rf /opt/splunkdata

67 Xü¢«íî»T"#$%& À,Á,k¹-,y�úå°¾¢¶'

�K%$�»!H#�JKT»�JUU�!�_íî'

userdel splunk groupdel splunk

��Q'�! _íî5b*cdÊË'ë'1Jö)+'F6¬»À,Á,k¹-,y�´�¬x¾¢¶'

�K%WH�T _íî5'�.)�yÆ)y+�èpq»msiÔza,3nB°q()*+,-°� msiexec /x

�.)��Â °¾¢¶'

�K%WH�T n()*+,-Ãn}~°�À,Á,_ÄÅ''

�K%WH�Tn()*+,-Ãn}~°�À,Á,_ÄÅ'

�K%WH�T's§P ()*+,-Ãn»ô¼_À,Á,ô�}~°q°¾p»^_À,Á,ðXü°³p»¾�¯@�qàá°q°¾��íî»!"#$%& �¾´èé°qp³ªø±»�K%WH�T'!UJVKQU'GH%NJH#'��%�LUJ ��Å°pÎÏ�/Ë¬x¾¢¶'

�K%WH�T's§P ()*+,-st¬Å�³À,Á,�/Ë°�íî¯»^ø�A�« >o_÷zy1zyVl,Èzm,3ð©ªµø¾¢¶'

À,Á,�=¿¢«íî'

F7 �)+Æ,-ÔÕ-'ë´�É,-'ë'É,w*_n}~°q»!"#$%&W'©[L'!"#$%&�UN'É,w*�Ó°¾¢¶'

]]¬»É,w*ðèéµøqp³p»©[LûüÆ,J-b*cdÀ,Á,ð>�°qp«]kð��ä¾¢¶'

>7 �É,w*�Úhèzh°q»yÆÔc��}~°¾¢¶É,w*nù¢«yÆÔc��õ(1Æ¹ð©ªµø¾¢¶'97 Æ¹é)®\�}~°¾¢¶'67 ]_1Jö)+_l3éÝ®)�}~°q»Å°p�È()!À,Á,?©[LÔ*�,��àá°¾¢¶'·7 nÙ�hèzh°¾¢¶'C7 ��hèzh°¾¢¶'C7 > oX_É,w*/ymn��°¾¢GÒY !"#$%&W k !"#$%&'�UN_�À�Â °qûµpI¶'

55

r7 ]ø¬»!UJVKQU'��%�LUJ ¾�¯ !"#$%& �.)�l()()®,{;,*��À_É,w*ðèé¬x¾¢¶'

*®)�1Æ)Ç 9767� �yÆ(È)+É,2,_ÊË'

*®)�1Æ)Ç9767��yÆ(È)+É,2,_ÊË'

!"#$%&'67�'Z_� �ÎË°qp«/__»�yÆ(È)+hl(1)+_� ¯!¬Âf°�píî¯»� �4Ë¢«¾¬Òe1�Ô�_��*®)�1Æ) 9767� �yÆ(È)+É,2,�ÊË°q»�yÆ(È)+hl(1)+n�Ù¬x¾¢G!"#$%&'67� �yÆ(È)+É,2,¯»67� [äE_2,34)_hl(1)+k_§à`ð*ä¾��I¶'

]_v¯ûü�E°n°¾¢¶'

! ]]#�%W�7T"#$%&7QHï n3X_�yÆ(È)+É,2,�ák°»�yÆ(È)+hl(1)+Ù÷,+·¸ A8A? ¬èz*)°¾¢¶'

! �yÆ(È)+hl(1)+¯¢$q 97� ¬*ä»]_�yÆ(È)+É,2,�÷,è)¹°¾¢¶'

! �yÆ(È)+hl*¯»�!H�§¨�.t��^�UNQ�ïHW$#UT�WKTNJKN$NUW�U"#HIïU%N�Q#�TTUT n*ä¾¢¶'

]_ !"#$%& ()*®)*/()�zh*É,2,¬_1zy¹�,�ðÒe¬¢¶'

ºf�E°n»�û_v¬Âf°¾¢¶'

F7 1,gchijnn°�1%_ !"#$%&'9767� �õö)Æ,�°¾¢¶'>7 tar ?zxvf $SPLUNK_HOME/etc > /tmp/splunk_old_etc.tgz�Ùpq»3X_�!H�§¨�.t��^�UNQ �2zh1zy°¾¢¶''97 !"#$%& �æç°»WU"#HIïU%N7QH%]©[L�yÆ(È)+hl*�úå°¾¢¶''67 �!H�§¨�.t��^'l'�H"N�T"#$%& _kx»�H"N�T"#$%&.H#W n��°¾¢¶^ø�R¯»9767�'®,Ý,-¾�¯ J"ï��{|-+_í>n()*+,-°¾¢¶'·7 T"#$%&.H#W.UNQ7NLu�%'()*+,-_ºn"j°¾¢¶'C7 �H"N�T"#$%&.WU"TUJVUJ�UNQ�TITNUï�#HQ�# ¾�¯�H"N�T"#$%&.WU"TUJVUJ�UNQ��""T�`_K%"$NT7QH%]�H$N"$NT7QH%]{S(-�úå�?E=¿°¾¢¶%"$NT7QH%]»H$N"$NT7QH%]»©[L=¿µøqp³p T"#$%&M#�$%QM7QH%]�R¯�5¢$qG$NMU%NKQ�NKH%7QH%]»TUJVUJ7QH%]»�H"N�T"#$%&�UNQ�"�TT�W»�H"N�T"#$%&�UNQ��$NM�t³òI¯|á°�p¯Y¬¢¶'r7 G�P ¾�¯�UN7QH%]�DÙ°q%'n()*+,-°�()*®)*_ !"#$%&'�UN�Å�n°¾¢¶'A7 mv /opt/splunk /opt/splunk_depserver�Â °¾¢¶'?7 �H"N�T"#$%&.WU"TUJVUJ�UNQ�T"#$%&M#�$%QM7QH%]�TU°»�!H�§¨�.t��^��H"N�T"#$%&.WU"TUJVUJn=¿°¾¢¶�!H�§¨�.��/ÊË¢«íî¯»]_=×��È)+1ö+°q»%°p()*®)*ðÂ�,®*+1nÍxÒ¾ø³p[\n°¾¢¶'

56

F87 ]_�yÆ(È)+É,2,ð&'°ßª«]k�Z[¢«�k»^_l(m)*� 97� {|�,õl(m)*nÞä\�¾¢¶�!H�§¨�.t��^�UNQ�T"#$%&M]HJ��JWUJ7#KQU%TU ��!H�§¨�.t��^�UNQ�T"#$%&7#KQU%TU n�A,°¾¢¶'FF7 /opt/splunk_depserver/bin/splunk start�Â °¾¢¶'F>7 mv /opt/splunk_old /opt/splunk�Â °»^_!� �Â °¾¢¶'F97 � °�!*®,+1zyÃn»!"#$%& ¯Â´�÷,+_«î�Ûj°»´�9n´�÷,+_=¿�Ð°¾¢¶]_%'÷,+_ü²¯´�°q»��ÛÜ¾�¯S^!ñ �){��0�,b4)_£n¿%¢«Òeð*ä¾¢¶'

F67 /opt/splunk_depserver/bin/splunk list deploy-clients ?auth admin:changeme

�Â °q»�yÆ(È)+hl(1)+ð�yÆ(È)+É,2,kgd°qp«]k�Z[°¾¢¶''F67 SUVKU�'�H"N�T"#$%&.WU"TUJVUJ�V�J�#HL�T"#$%&�T"#$%&W7#HL k�H"N�T"#$%&�V�J�#HL�T"#$%&�T"#$%&W7#HL ¬Vl,_Âb�Z[°¾¢¶'

01-’ 2,34)5’67879’ :;88?@AB>C

Documents

Transcript of 01-’ 2,34)5’67879’ :;88?@AB>C