The data is useful and well-presented, but I really just want basic web stats without sending all my web stats (along with data from my users) to Google. I've considered a number of other options, including Matomo. But I already use Splunk at work, so why not run Splunk at home too?

Splunk Enterprise offers a 60-day trial license. It's not really clear that the free license covers what I'm trying to do here. "If you want to run Splunk Enterprise to practice searches, data ingestion, and other tasks without worrying about a license, Splunk Free is the tool for you." ![]() I use Splunk at my day job, so this is in some sense Splunk practice. I'll give it more thought over the next 60 days.

I launched an EC2 instance in AWS (Amazon Web Services). That instance size might be too small, but I'm not planning to send much data there. I picked Amazon Linux, which uses yum and RPMs for package management, familiar from the RHEL, CentOS, and now Rocky Linux servers I use frequently. (One thing to note: the default user for Amazon Linux is ec2-user. I always have to look that up.)

For purposes of this post, I'll use 203.0.113.18 as the EC2 instance's public IP address. (203.0.113.0/24 is an address block reserved for documentation; see RFC 5737.)

![]() I'm using Splunk 9.0.3, the current version as of this writing. Yum reported the installed size as 1.4 GB. That is important to note, since I used an 8 GB HD, the default volume size when I launched the EC2 instance.

I added an inbound rule to the security group associated with the EC2 instance to allow 8000/tcp traffic from my home IPv4 address. The installation works! I was able to connect to 203.0.113.18:8000 in a web browser. My connection to 203.0.113.18:8000 was not encrypted, but one thing at a time, right?

Disk space, as I suspected, might be an issue. This warning appeared in Splunk's health status: The diskspace remaining=3962 is less than 1 x minFreeSpace on /opt/splunk/var/lib/splunk/audit/db (MinFreeSpace=5000).

Next question: how do I get data into Splunk? The Splunk Enterprise download page helpfully includes a link to a "Getting Data In - Linux" video, although the video focused on ingesting local logs. I'm more interested in setting up the Splunk Universal Forwarder on a different server and ingesting logs from the web server.

![]() I installed the Splunk forwarder on the target web server. I enabled a receiver via Splunk Web (see "Enable a receiver for Splunk Enterprise" for information). I also allowed this traffic from the web server's IPv4 address via the AWS security group associated with the EC2 instance.
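The two exposure decisions above (8000/tcp open to one home address, the receiver port open to one web server) were made by hand in the AWS console and Splunk Web. Here is an added example, not code from the post, that does the same from a shell with a guard against the usual mistake (a 0.0.0.0/0 source on an unencrypted login page) and adds the Splunk-side restriction the console cannot give you. Assumptions not stated in the post: the receiver listens on 9997 (Splunk's conventional port), the security-group ID is a placeholder, the home address 192.0.2.45 and web-server address 198.51.100.7 are constructed from the RFC 5737 documentation ranges, and the `aws` command only runs when DO_APPLY=1. The `acceptFrom` (inputs.conf) and `enableSplunkWebSSL` (web.conf) keys are documented Splunk settings.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: receiver on 9997,
# placeholder security-group ID, constructed RFC 5737 addresses, and the aws
# CLI is only invoked when DO_APPLY=1.

# True only for a single-host CIDR (a.b.c.d/32). Rejects 0.0.0.0/0 and any
# wider prefix: an unencrypted Splunk Web login on 8000/tcp should never be
# reachable from the whole internet.
single_host_cidr() {
  case "$1" in
    */32) ;;
    *) return 1 ;;
  esac
  printf '%s\n' "${1%/32}" | awk -F. '
    $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
    $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 { found = 1 }
    END { exit found ? 0 : 1 }'
}

# The --ip-permissions JSON that `aws ec2 authorize-security-group-ingress`
# accepts, for one TCP port from one /32. Prints nothing and fails otherwise.
ingress_permission() {
  port=$1
  cidr=$2
  desc=$3
  single_host_cidr "$cidr" || { echo "refusing non-/32 source $cidr for $port/tcp" >&2; return 1; }
  printf '[{"IpProtocol":"tcp","FromPort":%s,"ToPort":%s,"IpRanges":[{"CidrIp":"%s","Description":"%s"}]}]\n' \
    "$port" "$port" "$cidr" "$desc"
}

# Print the CLI call for review; run it for real only when DO_APPLY=1.
authorize_ingress() {
  group_id=$1
  perms=$(ingress_permission "$2" "$3" "$4") || return 1
  if [ "${DO_APPLY:-0}" = 1 ]; then
    aws ec2 authorize-security-group-ingress --group-id "$group_id" --ip-permissions "$perms"
  else
    printf "aws ec2 authorize-security-group-ingress --group-id %s --ip-permissions '%s'\n" "$group_id" "$perms"
  fi
}

# Belt and braces on the indexer: even with the security group in place, tell
# splunkd itself to accept forwarder connections only from the web server.
# Writes $1/inputs.conf (on the indexer that is $SPLUNK_HOME/etc/system/local).
write_receiver_stanza() {
  dir=$1
  web_server_ip=$2
  single_host_cidr "$web_server_ip/32" || return 1
  cat > "$dir/inputs.conf" <<EOF
[splunktcp://9997]
disabled = 0
acceptFrom = $web_server_ip
EOF
}

# Splunk Web serves its login form over plain HTTP by default; this turns on
# HTTPS with Splunk's bundled self-signed certificate.
write_web_ssl_stanza() {
  cat > "$1/web.conf" <<EOF
[settings]
enableSplunkWebSSL = true
EOF
}

# Demo with constructed addresses: 192.0.2.45 stands in for the home address
# that 8000/tcp is opened to, 198.51.100.7 for the web server running the
# Universal Forwarder. Nothing is applied; the commands are only printed.
demo() {
  authorize_ingress sg-0123456789abcdef0 8000 192.0.2.45/32 home-splunk-web
  authorize_ingress sg-0123456789abcdef0 9997 198.51.100.7/32 webserver-forwarder
  tmp=$(mktemp -d)
  write_receiver_stanza "$tmp" 198.51.100.7
  write_web_ssl_stanza "$tmp"
  cat "$tmp/inputs.conf" "$tmp/web.conf"
  rm -rf "$tmp"
}
demo
```

Run it once without DO_APPLY to read the exact rules before they land on a live security group. `acceptFrom` is the application-layer twin of the 9997 rule: if the security group is ever widened by mistake, splunkd still drops connections from other sources. It does not encrypt the forwarder traffic; Splunk's forwarder-to-indexer TLS is a separate configuration not covered here.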