Getting Splunkd
By Scott Head

Professional Systems Administrator for over 20 Years

So, just like all the other skills I have, I like to document my work as I go. I do this so I can reference it later. I also hope that others may get some use out of my posts. This site is dedicated to Splunkd and all the wonderful tools that it comes with. I am lucky enough to work with this software in a live production environment, so I can take my lab skills at home and put them to work for my company.

I am usually close to 100% accurate on my websites with scripts, queries, and other things I post on the web. There is nothing I hate more than following someone’s post and it doesn't work.

If you are new to Splunking ..... I will share my insight. Splunkd is an application that you can install on MS Windows and Linux that is designed to accept syslog, Event Logs, IIS Logs, Firewall Syslog and much, much more.

So one might think that's not much of a big deal, and that function alone isn't, but Splunkd also has a variety of tools that allow users to search through these logs and generate reports and alerts, and also save and share their search queries. When a company has a multitude of servers, workstations, firewalls, switches, PLCs, anti-virus manager, patch management system, etc., it is an invaluable tool to give system admins the ability to search and review these logs all in one place.

What I've Learned

The main thing I have learned so far is attention to detail. I made a receiver on the server for port 9997 but then on the Universal Forwarder spent a while trying to figure out why I could not get input from my remote server.

Finally, the need to click the custom install option when installing the Universal Forwarder. This allows access to the prompts with check boxes to enable forwarding of events from MS Windows Event Viewer.

Latest Updates

I have applied as much of my brain dump as I could as I learned the basics of SPL and using Splunk search.

Have some great dashboards and even added functionality to them using textbox searches as well as onclick features. Coming Soon!

Posted my first chart and moving towards applying them to dashboards.

I have set up my indexes and installed and configured a Universal Forwarder gathering Windows Events. I have also modified the inputs.conf file to schedule and execute PowerShell scripts for gathering server details.