November 21, 2008
Installing Splunk Part 2 of 5 – Finishing the OS Install
This is the second part of the installation of the operating system
for a Splunk deployment. The first portion
of the installation got us through the longest part of the installation. We
have our partitions in place and are ready to move on to the next steps and finish
- Click the “Software” portion
of the installation summary to adjust the packages that are installed on the server.
- On the left-hand side there will
be a summary of all the packages that are installed by default. De-select
all packages except the very top selection.
- Highlight File Server on the
left of the screen. The window on the right of the screen
will be populated with different file server utilities.
- Go down and select the Samba client
utilities only, not the entire Samba module.
- Click “Accept” in the bottom
right of the screen. An automatic dependencies window
will pop-up. Click OK. This
will take you back to the installation summary page.
- Select install and allow the
server to format the partitions and install the Operating System. If
a DVD is used to install the Operating System the server should run the install for
approximately 20 to 30 minutes and then reboot.
- Once the installation is complete,
you will have to configure the system settings. (NOTE: All
configurations from this point forward will be performed in a non-GUI environment,
so you will need to use the keyboard to navigate through the server.) Enter
a password for “root”. Ensure that the password meets
or exceeds current password policies and is documented.
- Enter a hostname that conforms
to your company’s
system naming scheme. De-select the option to have the hostname updated via DHCP. Select
- The next screen will allow you
to make changes to the network and firewall configuration. Tab
to Change in the bottom right of the screen and hit enter. This will bring up the
drop-down menu for allowed changes.
- Select Firewall and hit enter
to create the firewall allowed services and ports. Use
the down arrow key on the firewall screen to select allowed services.
- Tab to the DHCP Client Section
and press the down arrow key. This will bring up a list
of pre-defined services. Still using the down arrow key
scroll down to SSH.
- Once SSH is highlighted press
enter and SSH will now be in the selection area where DHCP Client was. Tab
to Add and press enter. This will show SSH in the allowed
services box on the center of the screen.
- Use steps 66 and 67 to add HTTPS
to the allowed services. Then tab to Advanced and press
enter. In the advanced dialog box, enter TCP ports 8089 and
9997, separated with a space. Then enter
514 in UDP. Tab to OK and press enter.
- Tab to Next and press enter. This
will bring you back out to the Network Configuration main screen. Tab to Change and
press enter. Use the arrow key to select Network Interfaces.
- You will be presented with a
list of the network interfaces found on the server. Typically
on most servers there will be at least two or more interfaces. Select
the interface that you have decided to use.
- Tab to Edit and press enter. Tab
to Static IP and press the space bar to select static. Tab
to IP Address and enter the IP that is assigned to this server. Change
the Subnet Mask if appropriate and tab to Hostname and Name Server. Press
- Press enter and you will be brought
into the DNS and hostname screen. Check the hostname and
domain that was entered earlier and then tab to the name server sections and add the
DNS servers that are assigned within
- Tab to OK and press enter. This
will bring you back to the Network Address Setup screen. Tab
to Routing and press enter. Tab to the Default Gateway
entry box and enter the default gateway for the network.
- Tab to OK and press enter. This
will bring you back to the Network Setup screen. Tab to
OK and press enter. On the next screen tab to next and
- At this point you will be brought
back to the Network Configuration screen. Tab to Next and press enter.
- This will bring up the Saving
Network Configuration screen with a status bar at the bottom. Once
it reaches 100% it will take you to the next screen automatically.
- The next screen tests the
internet connection. Once you click Next, it should try to contact Novell
to download the latest release notes. As long as it does
not fail, tab to Next and press enter.
- If the test fails, tab
to Next and press enter. Further troubleshooting will
be covered later.
- The next screen will be the Selection
of user authentication. For the purposes of the Splunk
Deployment local authentication has been selected.
- Tab to Next and press Enter. This
will bring you to the Local Users screen. Enter the information
for at least one user. You have to have at least one user
created as later in this document we will be disabling remote access for Root.
- Tab to Next and press enter. This
will bring you to a System Configuration screen. The progress
bar at the bottom of the screen will run through.
- Once the progress bar reaches
100% you will automatically be brought to the next screen.
- The next two screens are erroneous
for this installation. Next will be highlighted so you
will just need to press enter to be advanced to the next screen until you reach the
final installation screen.
- Tab to Finish and press enter. This
will start to bring the server up for the first time. The
initial screen will appear similar to this.
- Once the server is done starting
it will provide you with a login prompt. Log in as root
by typing root at the prompt and pressing Enter. You will
then be prompted for the root user password. Enter the
password.
That’s it: the basic operating system is installed and ready to go
for your Splunk server. Although this could be used as a basic installation
guide, the partition layout is geared specifically for Splunk and would need to be
adjusted for file server or web server duties. The final step is to try to ssh
to the server IP and log in as root from another system on your network. One
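
To confirm after first boot that the firewall holds exactly the allow-list entered in the steps above (SSH, HTTPS, TCP 8089 and 9997, UDP 514), the check below compares a firewall config file against that list. It is an added example, not part of the original walkthrough. It assumes the SuSEfirewall2 sysconfig layout (`FW_SERVICES_EXT_TCP` / `FW_SERVICES_EXT_UDP`), since the post does not name the distribution, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Allow-list from the steps above: SSH (22), HTTPS (443),
# TCP 8089 (Splunk management) and 9997 (forwarder input), UDP 514 (syslog).
EXPECTED_TCP="22 443 8089 9997"
EXPECTED_UDP="514"

# Read the last VAR="a b c" assignment from a sysconfig-style file.
get_var() {  # $1 = file, $2 = variable name
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Turn the service names used above into port numbers, one per line.
normalize() {
    for tok in $1; do
        case "$tok" in
            ssh)   echo 22 ;;
            https) echo 443 ;;
            *)     echo "$tok" ;;
        esac
    done | sort -n | uniq
}

# Report ports that are required but closed, or open but not required.
diff_ports() {  # $1 = proto, $2 = expected list, $3 = actual list
    for p in $2; do
        case " $3 " in *" $p "*) ;; *) echo "MISSING $1/$p" ;; esac
    done
    for p in $3; do
        case " $2 " in *" $p "*) ;; *) echo "EXTRA $1/$p" ;; esac
    done
}

# Empty output means the file matches the allow-list exactly.
audit_firewall() {  # $1 = path to the firewall config (assumed layout)
    tcp=$(normalize "$(get_var "$1" FW_SERVICES_EXT_TCP)" | tr '\n' ' ')
    udp=$(normalize "$(get_var "$1" FW_SERVICES_EXT_UDP)" | tr '\n' ' ')
    diff_ports tcp "$EXPECTED_TCP" "$tcp"
    diff_ports udp "$EXPECTED_UDP" "$udp"
}

# Constructed sample: 9997 was forgotten and telnet (23) was left open.
sample_config() {
    printf '%s\n' '# constructed sample' \
        'FW_SERVICES_EXT_TCP="ssh https 8089 23"' \
        'FW_SERVICES_EXT_UDP="514"'
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_firewall "$tmp"
rm -f "$tmp"
```

On a real server, point `audit_firewall` at `/etc/sysconfig/SuSEfirewall2`; services recorded by name in other variables (for example `FW_CONFIGURATIONS_EXT`) are not covered by this check.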
On the next installment of this blog I will go through the initial Splunk installation
and configuration. I will also discuss the architecture involved with log forwarding
to Splunk and the considerations for client deployment.