Install Splunk 7 on Ubuntu 16.04.5

Splunk on Ubuntu 16.04

  1. change interface names back to the traditional ethX scheme
    vi /etc/default/grub
    add net.ifnames=0 biosdevname=0 to the GRUB_CMDLINE_LINUX line
    grub-mkconfig -o /boot/grub/grub.cfg
    reboot

  2. set the timezone to UTC and enable NTP against a local server
    timedatectl set-timezone UTC

    Ubuntu NTP: use the systemd-timesyncd service.

    if ntp is in use, stop and remove it:
    systemctl stop ntp
    update-rc.d ntp disable
    sysv-rc-conf    (to confirm)
    apt-get -y remove ntp

    configure the timesyncd service (the NTP= line goes in the [Time] section):
    vi /etc/systemd/timesyncd.conf
    NTP=0.cn.pool.ntp.org 1.cn.pool.ntp.org

    systemctl start systemd-timesyncd
    systemctl status systemd-timesyncd

  3. tune ulimit parameters
    vi /etc/security/limits.conf
    * soft nofile 65535
    * hard nofile 65535
    * soft nproc 65535
    * hard nproc 65535

    Disable Transparent Huge Pages
    vi /etc/systemd/system/disable-thp.service

    [Unit]
    Description=Disable Transparent Huge Pages (THP)

    [Service]
    Type=simple
    ExecStart=/bin/sh -c "echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled && echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag && echo '0' > /sys/kernel/mm/transparent_hugepage/khugepaged/defrag"

    [Install]
    WantedBy=multi-user.target

    systemctl daemon-reload
    systemctl start disable-thp
    systemctl enable disable-thp

    reboot for the changes to take effect, then run ulimit -a to check

  4. install Splunk Enterprise
    as root:
    useradd -m splunk
    tar zxf splunk.xxx.xxx.gz -C /opt
    chown -R splunk:splunk /opt/splunk
    su - splunk
    /opt/splunk/bin/splunk start --accept-license
    /opt/splunk/bin/splunk enable boot-start -user splunk    (run this command with root permission, not as the splunk user)

  5. enable the firewall and open port 8000
    ufw enable
    ufw allow 8000
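
A check to run after the reboot and the first Splunk start, added here as an example and not part of the original notes. It goes beyond the ulimit -a check in step 3: ulimit -a only reports the limits of the shell it runs in, so this script reads the THP mode from sysfs and the limits the running splunkd process actually received from /proc/<pid>/limits. The function names and the --check argument are assumptions of this example; 65535 and the THP paths are the values configured above.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# 65535 and the THP paths are the values this guide configures.
THP_DIR="${THP_DIR:-/sys/kernel/mm/transparent_hugepage}"
MIN_LIMIT=65535

# Active THP mode is the bracketed word, e.g. "always madvise [never]" -> never
thp_mode() {   # $1 = sysfs file
    sed -n 's/.*\[\([a-z+]*\)].*/\1/p' "$1" 2>/dev/null
}

# Soft limit from one row of /proc/<pid>/limits, e.g. "Max open files"
proc_soft_limit() {   # $1 = limits file, $2 = row label
    awk -v label="$2" 'index($0, label) == 1 {
        n = split(label, words, " "); print $(n + 1); exit }' "$1" 2>/dev/null
}

# True when a limit value is "unlimited" or a number >= MIN_LIMIT
limit_ok() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_LIMIT" ]
}

# Check THP and the limits of a running process; returns the failure count
check_host() {   # $1 = PID of splunkd
    fails=0
    for f in enabled defrag; do
        mode=$(thp_mode "$THP_DIR/$f")
        [ "$mode" = "never" ] || { echo "FAIL THP $f: ${mode:-unreadable}"; fails=$((fails + 1)); }
    done
    for row in "Max open files" "Max processes"; do
        val=$(proc_soft_limit "/proc/$1/limits" "$row")
        limit_ok "$val" || { echo "FAIL $row: ${val:-unreadable}"; fails=$((fails + 1)); }
    done
    [ "$fails" -eq 0 ] && echo "OK: THP off, limits >= $MIN_LIMIT"
    return "$fails"
}

# Runs only when asked: ./check.sh --check <splunkd-pid>
if [ "${1:-}" = "--check" ]; then check_host "$2"; fi
```

Saved as check.sh (a hypothetical name), it can be run as root with the PID of the oldest splunkd process, for example ./check.sh --check "$(pgrep -o splunkd)"; the exit status is the number of failed checks.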