OVERVIEW
Splunk Enterprise collects data from any source, including metrics, logs, click streams, sensors, stream network traffic, web servers, custom applications, hypervisors, containers, social media, and cloud services.
GET STARTED
To verify the installation, follow the instructions below.
Step 1. Connect to SSH:
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances.
Select the instance and choose Connect.
Choose SSH Client.
Copy the SSH command and paste it into the terminal.
ssh ubuntu@publicIP -i [Path of key pair file]
If it shows an access denied message, run the following command, then run the above command again to connect via SSH.
chmod 400 [Path of key pair file]
Once launched in the Amazon EC2 Service, please connect to the instance via an SSH client using the ec2-user with the key pair associated at launch. Once connected as the ec2-user user, you will be able to sudo to the root user.
Access and Security
Please update the security group of the target instance to allow the below ports and protocols for access and connectivity.
To add a rule to a security group for inbound SSH traffic over IPv4:
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
From the top navigation bar, select a Region for the security group. Security groups are specific to a Region, so you should select the same Region in which you created your instance.
In the navigation pane, choose Instances.
Select your instance and, in the bottom half of the screen, choose the Security tab. Security groups list the security groups that are associated with the instance. Inbound rules display a list of the inbound rules that are in effect for the instance.
For the security group to which you'll add the new rule, choose the security group ID link to open the security group.
On the Inbound Rules tab, choose Edit inbound rules.
On the Edit inbound rules page, do the following:
Choose Add rule.
For Type, choose SSH, HTTP, and Custom TCP.
For Custom TCP, enter 8000 in Port range (for the application dashboard).
For Source, choose Custom and then enter the CIDR block 0.0.0.0/0.
Choose Save rules.
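A check for the inbound rules added above, given as an added example that is not part of the original guide: it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` and lists which of the guide's ports (22, 80, 8000) are reachable from 0.0.0.0/0 or ::/0. The sample data and the group ID sg-EXAMPLE are constructed.

```python
import json

# Ports this guide opens: 22 (SSH), 80 (HTTP), 8000 (Splunk Web dashboard).
GUIDE_PORTS = {22: "SSH", 80: "HTTP", 8000: "Splunk Web"}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 7000, "ToPort": 9000,
   "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}
]}]}
""")


def world_open_findings(doc, ports=GUIDE_PORTS):
    """Return sorted (group_id, port, service, cidr) for rules open to any address."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in WORLD]
            if not open_cidrs:
                continue
            proto = rule.get("IpProtocol")
            if proto == "-1":            # "all traffic" rule covers every port
                lo, hi = 0, 65535
            elif proto in ("tcp", "6"):
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            else:
                continue                 # UDP/ICMP rules do not expose these TCP services
            for port, service in ports.items():
                if lo <= port <= hi:     # a wide range can expose 8000 implicitly
                    for cidr in open_cidrs:
                        findings.add((group["GroupId"], port, service, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for gid, port, service, cidr in world_open_findings(SAMPLE):
        print(f"{gid}: {service} (tcp/{port}) is open to {cidr}")
```

To run it against a real group, replace SAMPLE with the parsed JSON output of `aws ec2 describe-security-groups` for the instance's security group.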
Step 2. Verify the installation
Follow these steps to verify the installation and log in:
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances and select your instance.
The following information is available on the Networking tab: Public IPv4 address
Copy its public IP.
Paste the public IP into a new browser tab (do not hit Enter yet).
Append :8000 to the end of the public IP: http://<Public IP>:8000
Hit Enter, and the Splunk dashboard will open.
6. YOUR USERNAME = Admin || YOUR SPLUNK PASSWORD = Password123
7. After signing in, you will see a dashboard-like page.
Use the following procedure to reset credentials on a user account:
1. In Splunk Web, click Settings > Access Controls > Users.
2. In the Users page, select the user whose password you want to change.
3. Type a new password for the user. Distribute this password to your user.
4. Click Save.
To monitor and assess application functions:
a. Navigate to your Amazon EC2 console and verify that you're in the correct region.
b. Choose Instances and select your launched instance.
c. Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed.
For prescriptive guidance on managing AWS service quotas, please visit: https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
For detailed information about how to use this application, please visit: https://www.tutorialspoint.com/splunk/index.htm