# Splunk

###### tags: `service installation procedure`

Splunk version used: 7.1.1

## splunk-Client

### Download the Splunk forwarder

```
wget https://download.splunk.com/products/splunk/releases/7.1.1/linux/splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb
```

8.0.1:

```
wget -O splunk-8.0.1-6db836e2fb9e-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.1&product=splunk&filename=splunk-8.0.1-6db836e2fb9e-linux-2.6-amd64.deb&wget=true'
```

```
wget -O splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.1&product=splunk&filename=splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz&wget=true'
```

- After the download completes, install the downloaded file with the following command:

```
sudo dpkg -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb
```

- Next, enable the Splunk service so that it starts at boot. You can do this by running the following command:

```
sudo /opt/splunk/bin/splunk enable boot-start
```

- Next, start the Splunk service using the following command:

```
sudo service splunk start
```

- You should see the following output:

```
Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
............+++
............................................................................................................................................+++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=Node3/O=SplunkUser
Getting CA Private Key
unable to write 'random state'
writing RSA key
Done
```

#### Access Splunk Web Interface

- Splunk server is now running and listening on port 8000.
  Open your web browser and go to http://your-server-ip:8000; you will be redirected to the following page:
- account = admin
- ![](https://i.imgur.com/buTdj5E.png)
- ![](https://i.imgur.com/5qQCl6q.png)

### Difference:

(Before) Numerous, complicated log files

![](https://i.imgur.com/gStIEKw.png)

(After) A handy tool that lets you search, or see how many of each value there are

![](https://i.imgur.com/ouEh4H1.png)

## User guide

Enter via ==Search & Reporting== on the left

![](https://i.imgur.com/2KBJio5.png)

Open the data summary

![](https://i.imgur.com/CHFJa4n.png)

Click our host

![](https://i.imgur.com/SpsEqOx.png)

Now you can search and view the uploaded logs

![](https://i.imgur.com/BaTmUtf.png)
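
The installation steps above run `sudo dpkg -i` on a package fetched with `wget`. The following is an added example, not part of the original note, that gates that step on a SHA-512 check. It assumes the vendor's published checksum file for the package was obtained separately (its location is not given in this note); the function names and the file name `splunk.deb.sha512` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original note): verify a downloaded Splunk
# package against a published SHA-512 digest before running `dpkg -i`.
# Assumption: the checksum file was obtained from the vendor separately.

# Print the first 128-hex-digit token found in a checksum file.
# Handles both "SHA512(file)= <hex>" and "<hex>  file" layouts.
extract_sha512() {
    grep -Eio '[0-9a-f]{128}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# Return 0 on match, 1 on mismatch, 2 if an input is missing or unusable.
verify_pkg() {
    local pkg="$1" sumfile="$2" expected actual
    [ -r "$pkg" ] && [ -r "$sumfile" ] || { echo "missing file" >&2; return 2; }
    expected="$(extract_sha512 "$sumfile")"
    [ -n "$expected" ] || { echo "no SHA-512 digest in $sumfile" >&2; return 2; }
    actual="$(sha512sum "$pkg" | cut -d' ' -f1)"
    if [ "$actual" = "$expected" ]; then
        echo "OK: $pkg"
        return 0
    fi
    echo "MISMATCH: $pkg (expected $expected, got $actual)" >&2
    return 1
}

# Usage, gating the install step from this note:
#   verify_pkg splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb splunk.deb.sha512 \
#     && sudo dpkg -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb
```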