Installing Splunk

Assignment:

In this assignment, students will install Splunk Enterprise on their CentOS VM. A typical enterprise deployment consists of multiple servers for each of the different roles. For instance, large deployments often consist of a cluster of indexers, a cluster of search heads, and one or more heavy forwarders. Refer to the instructions located on the Accessing Your Splunk Course Materials page.

For our use case in this course, we will be using a single-instance deployment. This deployment topology is described in the first module of the Splunk Infrastructure Overview course (https://education.splunk.com/course/splunk-infrastructure-overview). That course is free and optional but highly recommended.

Instructions for installing Splunk in your Maryville VM environment are shown below:

To complete the assignment, you will be required to upload two screenshots that capture the output of the Splunk queries specified below. Each screenshot will be worth 10 points.

Query 1:

| rest splunk_server=local count=1 /services/server/info | table host, version, health_info

Query 2:

| rest /services/authentication/users | eval logon_time=strftime(last_successful_login,"%m/%d/%y %H:%M:%S") | table title, roles, logon_time

This assignment is due by 11:59 PM on Sunday.

Optional Readings

The two Splunk manuals below are optional reads. You may find them helpful as you work through this assignment.