Wuyi Chen edited this page May 24, 2019 · 10 revisions

Overview


Step 1: Sign Up on Splunk Website

Step 2: Download Splunk Free

Step 3: Install Splunk Enterprise on Mac OS

Step 3.1: Open the dmg file

Step 3.2: Click the Install Splunk icon and follow the steps

Step 3.3: Set up the administrator's username and password

Step 4: Log in to the Splunk Web Portal


Manage Splunk by CLI (Command-Line Interface)

The path of the Splunk CLI binary (Mac OS):

/Applications/splunk/bin/splunk

Common commands (run from /Applications/splunk/bin)

  • Manage Splunk server
    • Start server: ./splunk start
    • Stop server: ./splunk stop
    • Restart server: ./splunk restart
    • Check server's status: ./splunk status
  • Manage apps
    • Add an app: ./splunk create app [appname] -auth <username>:<password>
    • Remove an app: ./splunk remove app [appname] -auth <username>:<password>
  • Manage data inputs
    • Add a data input
      • UDP: ./splunk add udp [portnumber]
      • TCP: ./splunk add tcp [portnumber]
    • Remove a data input:
      • UDP: ./splunk remove udp [portnumber]
      • TCP: ./splunk remove tcp [portnumber]
  • Run a command with authentication
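    • Append -auth <username>:<password> at the end of the command. A password passed this way is saved in shell history and is visible in the process list while the command runs; if -auth is omitted, the CLI prompts for the credentials instead.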
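
To check whether passwords typed in the -auth <username>:<password> form are already sitting in a shell history file, the following added example (not part of the original wiki or of Splunk) lists the affected lines with the password masked. The function names and the sample history are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shell history file for Splunk CLI passwords.
# Function names and the sample history are constructed for illustration.

# "-auth user:password" as written in the command list on this page.
AUTH_RE='-auth[[:space:]]+[^[:space:]:]+:[^[:space:]]+'
MASK_SED='s/(-auth[[:space:]]+[^[:space:]:]+:)[^[:space:]]+/\1********/g'

# Print "lineno:command" for each splunk command with inline credentials,
# masking the password so the report itself does not leak it.
find_inline_auth() {
    grep -nE "splunk[[:space:]].*${AUTH_RE}" "$1" | sed -E "$MASK_SED"
}

# Print the number of affected history lines (0 when there are none).
count_inline_auth() {
    grep -cE "splunk[[:space:]].*${AUTH_RE}" "$1" || true
}

# Print the whole history with passwords masked; other lines pass through.
redact_history() {
    sed -E "/splunk[[:space:]]/ $MASK_SED" "$1"
}

# Constructed sample: bash-style lines plus one zsh extended-history line.
write_sample_history() {
    cat > "$1" <<'EOF'
cd /Applications/splunk/bin
./splunk status
./splunk create app demoapp -auth admin:Examp1ePass
./splunk add udp 5514
: 1558700000:0;./splunk remove app demoapp -auth admin:Examp1ePass
EOF
}

sample=$(mktemp)
write_sample_history "$sample"
echo "lines with inline credentials: $(count_inline_auth "$sample")"
find_inline_auth "$sample"
rm -f "$sample"
```

Point find_inline_auth at ~/.bash_history or ~/.zsh_history to run the audit on a real account; any password it reports should be treated as exposed and changed.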
