Skip to main content

Setup splunk for virtual machine using Vagrant and Ansible





Splunk is a great tool for collecting and indexing data in any kind(log files, changes, tickets, scripts…) from any sources (sensors, networks, databases, smartphones,..(
Then creating index for data which then support us to analyse data or search data in the way we like it.

We want to try installing Splunk on Virtual environment in order to test, try, study… And with Vagrant&Ansible we can easily save our virtual machine configuration for next time use(in case my virtual machine was broken).

There is already Splunkbox by Phips on githubs for simply installing: https://github.com/phips/splunkbox

1.Download and install Virtual Box (You need a Virtual machine provider for Vagrant(Virtualbox is prefered))
https://www.virtualbox.org/wiki/Downloads
2. Download and install Vagrant
  http://www.vagrantup.com/downloads
3. Download and install Ansible
  http://docs.ansible.com/intro_installation.html
  For MAC: https://devopsu.com/guides/ansible-mac-osx.html
4. Clone splunk box
  https://github.com/phips/splunkbox
5. Download the centos virtual box
  http://vntx.cc/boxes/centos65.box
6. Add centos virtual box to vargant

$> vagrant box add c65 <your centos65.box path>

7. Setup splunk for virtual box(using vagrant and ansible)
Your centos c65 is already added to vagrant, but in order to setup splunk to that virtual machine, we need to prepare splunk’s setup files(Linux version) and some splunk’s applications.
7.1 Prepare splunk rpm
+ Download splunk for LINUX and put it in a <your splunkbox directory>/sw/ 
http://www.splunk.com/download
+ Check it's the same version as mentioned in <your splunkbox directory>/playbook.yaml and adjust the filename accordingly if it's not.
ex: splunkver: 6.1.1-207789-linux-2.6-x86_64 —> splunkver: <newest version’s name>

7.2 Download necessary apps for Splunk
Splunk lets you install useful apps for search, analyse... your data.
+ Take a look at <your splunkbox directory>/playbook.yaml, there is some applications required to be downloaded: 
+ Download SideView Utils: https://apps.splunk.com/app/466/
Put it in <your splunkbox directory>/sw/ 
+ Download SoS: https://apps.splunk.com/app/748/
Put it in <your splunkbox directory>/sw/ 
+ Download Splunk-6 dashboard: https://apps.splunk.com/app/1603/
Put it in <your splunkbox directory>/sw/ 
+ Download Splunk App for UNIX and Linux: https://apps.splunk.com/app/273/

7.2 Spunk setup
+ Navigate to splunkbox directory
+ Run command: $>vagrant up 

What Vagrant and ansible do is in 2 files: 
+ Vagrant runs following to the configuration ins <Your splunkbox folder>/VagrantFile. It setup vmbox environment and call ansible to run.
+ Ansible run following to the playbook.yaml, run the splunk setup. 

8. Run splunk
Open browser, type: localhost —> splunk will appear
If fail:
+ set ip address for the virtual computer
   +Navigate to folder: <your splunkbox folder>
   +Open Vagrantfile, edit like following:

# -*- mode: ruby -*-
# vi: set ft=ruby :

 Vagrant.configure("2") do |config|
  config.vm.box = "c65"
  # config.vm.box_url = "http://vntx.cc/boxes/centos65.box"
  config.vm.network :private_network, ip: "192.168.50.2"
  config.vm.network :forwarded_port, guest: 80, host: 8080

   config.vm.provider :virtualbox do |vb|
    vb.gui = false
  end

   # provision with ansible
  config.vm.provision "ansible" do |ansible|
    ansible.playbook          = "playbook.yaml"
    ansible.sudo              = true
    ansible.host_key_checking = false
    # ansible.extra_vars        = { installapps: false }
  end
end


  +Save Vagrantfile
+ run command to stop/start vagrant: 
$> vagrant halt
$> vagrant up 
+ Open browser, type: 192.168.50.2 —> TADA!

NOTICE: You can browse your virtual computer by ssh
+ Navigate to <your splunkbox folder>
+ $>vagrant ssh
—> Your virtual machine appears
+ <your splunkbox folder> is also your share folder between your host machine and virtual machine




Labels:

Comments

Post a Comment

Popular posts from this blog

Install Ruby on Rails on MAC

Hello, I am quite familliar with Apache's friend products like XAMPP, LAMPP... And this is the first time I try Ruby on Rails(RoR). I'm quite stuck on installing it. As a normal PHP guy, I first try install Rails, following this tutorial: http://installrails.com/ And the next thing I want to learn about is how RoR works with MySQL, PhpMyadmin. So I tried to make it connect to XAMPP's MySQL but it did not work at all. I found out that, using mySQL in XAMPP package is not a common method, what I should do is to install MySQL as a single service onto my MAC. So I did following: 1. Install MYSQL with HomeBrew Did you install HomeBrew, if not, please follow:  https://coolestguidesontheplanet.com/installing-homebrew-on-os-x-el-capitan-10-11-package-manager-for-unix-apps/ Next, type this command to install MySQL to your machine: $ brew install mysql This will install mysql to your computer, if the installation is success, you could try start using mySQL with this c
1 comment
Read more

iOS 13 presentViewController has updated transition way

Very surprised that my weather widget app is not updated it content automatically after a view has appeared. First, I called self presentViewController to present a view, after closing that view, I hope that my below view will call  -( void )viewWillAppear:( BOOL )animated{ but nothing happens. I started figuring out that on iOS 13, the view which is presented is displaying like a floating window, not fullscreen, like below. This is new in iOS 13. Quite cool, you can swipe the screen down, without pressing a close button. in order to get the below view called, you need to use Delegate BIG CHANGE~
Post a Comment
Read more