![]() ![]() From this file, we notice that it is currently enabled. I'll check for the contents of the file using the Linux command cat, followed by the location of the file. This folder or file contains the Se Linux configurations. For this example and the simplicity of this course, we can see how to disable Sea Linux. If we do not want to completely disable Se Linux, we must allow Se Linux to run Splunk using other methods, such as whitelisting the Splunk process to be allowed or as an exception from running outside Se Linux. One more process to consider disabling is ourSELinux, which is also known as Secure Linux. Prerequisites for Splunk Installation : Part 2 In our case, neither Transparent Huge Pages nor the THP are installed. I'll check whether we have that file or the process installed. Because we can see if we have Transparent Huge Pages installed or not in our cloud. If we have transparent huge pages installed on our Reddit machine or Sentos, this is where we can disable the entry in this file. ![]() So it is recommended by Splunk to disable the process before installing Splunk.Īnd this is the location of the file. THPor Transparent Huge Pages is one such process that has been known to cause numerous issues when running alongside Splunk. So it is recommended by Splunk to disable some of these processes on Splunk servers. Some of the processes in Linux are known to cause issues during Splunk's regular operations. So, now that we've completed the first requirement, let's move on to the next. This port is the default, but it can be customised to any other port, and that should be it for starting the installation once we have the firewall rules set. One more important Firewall request to take into consideration is the "universal forwarder to index communication on port triple nine seven," that is, 9997, which is used to send logs to our indexes. To summarize, make sure HTTP and HTTPS are allowed on ports 80, 80, 89, port deployment, server, and other indexes, heavy forwarders and searches, and any other components of Splunk. There are a few more ports like KvStore, which is 8191, and app server ports like 8065, which are used in specific scenarios locally and shouldn't cause any trouble for our installation. The Splunk web port 8000 should be allowed for HTTP and HTTPS traffic. Let's begin by discussing Fire Rules, which should be mainly focused on port 8000, which is a Splunk web port, and 8089, which is our Splunkdaemon, also known as the management port. Prerequisites for Splunk Installation : Part 1īefore starting the installation of Splunk, we need to make sure a couple of prerequisites are met so that after the installation, Splunk should be able to run without any performance issues. Installation and Configuration of Splunk Components 1. SPLK-1003: Splunk Enterprise Certified Admin certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |