Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- How to create splunk app,get data in and search wh...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am starting with creating a splunk app on my laptop for practising. This will include getting data in splunk,creating fields,masking info,and then creating report and visualisation in search head.
How to proceed with this, how to set up different instance for search head,indexer and forwarder in my laptop?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I wouldn't really recommend trying to set up multiple instances of Splunk on a windows laptop directly.
If you really want to practice with a distributed setup, I think it would be best to install a tool like virtualbox to spin up one or more linux VMs on your laptop and then set up the desired Splunk instances on those.
Alternatively, have a look at this blog post about using Docker to spin up Splunk instances for practicing / testing purposes: https://www.splunk.com/blog/2018/01/17/hands-on-lab-sandboxing-with-splunk-with-docker.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I wouldn't really recommend trying to set up multiple instances of Splunk on a windows laptop directly.
If you really want to practice with a distributed setup, I think it would be best to install a tool like virtualbox to spin up one or more linux VMs on your laptop and then set up the desired Splunk instances on those.
Alternatively, have a look at this blog post about using Docker to spin up Splunk instances for practicing / testing purposes: https://www.splunk.com/blog/2018/01/17/hands-on-lab-sandboxing-with-splunk-with-docker.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Frank,
Would you be having detailed steps for spinning up multiple instances with virtual box as well?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, I don't have detailed steps for that readily available. There is 2 main approaches: spin up multiple linux VMs and then have a single Splunk instance on each, or spin up a single linux VM and put multiple instances on it.
For the first approach: there should be plenty of online tutorials / guides on how to set up linux VMs in virtualbox. For the second approach the wiki mentioned in one of the earlier comments on your question may provide some good clues (as far as I know key thing is to bind each instance to a separate set of ports).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any specific reason you want to practice using multiple instances and not just use a single instance that performs all the functions in one?
What OS do you have on your laptop?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I wanted to practise for distributed environment for which separate instance would be required.I am using windows 10 currently.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use this link for installing multiple splunk instances :
https://wiki.splunk.com/Community:Run_multiple_Splunks_on_one_machine
Community Content Calendar, September edition
Splunkbase Unveils New App Listing Management Public Preview
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
