monitoring:splunk

Differences

This shows you the differences between two versions of the page.

monitoring:splunk [2024/03/25 17:54]
manu
monitoring:splunk [2024/07/03 11:13] (current)
manu [AIX]
Line 2: Line 2:
  
 ===== AIX ===== ===== AIX =====
 +
 +Current splunkforwarder version is 9.2
 +
 +<cli prompt='>'>​
 +root@aix01 /root> cat /​opt/​splunkforwarder/​etc/​splunk.version
 +VERSION=9.0.1
 +BUILD=82c987350fde
 +PRODUCT=splunk
 +PLATFORM=AIX-powerpc
 +</​cli>​
  
 Create a user splunk and group Create a user splunk and group
Line 37: Line 47:
 Untar the splunk forwarder package and start install, as **splunk user** Untar the splunk forwarder package and start install, as **splunk user**
 <cli prompt='>'>​ <cli prompt='>'>​
 +rootaix01 /opt> chown -R splunk.splunk /​opt/​splunkforwarder
 +
 splunk@aix01 /​home/​splunk>​ /​opt/​splunkforwarder/​bin/​splunk start --accept-license --answer-yes --auto-ports --no-prompt splunk@aix01 /​home/​splunk>​ /​opt/​splunkforwarder/​bin/​splunk start --accept-license --answer-yes --auto-ports --no-prompt
 This appears to be your first time running this version of Splunk. This appears to be your first time running this version of Splunk.
Line 129: Line 141:
 </​cli>​ </​cli>​
  
 +Script to Upgrade/​install splunk agent
 +<​code>​
 +[root@nim01]/​root/​scripts>​ cat install_splunk.sh
 +#​!/​bin/​ksh93
 +# V1.0 initial version
 +
 +splunk_version="​VERSION=9.2.1"​
 +
 +echo "​Install/​Upgrade Splunk VERSION=9.2.1"​
 +
 +#​-----------------------
 +create_user()
 +{
 +echo "Add user splunk"​
 +mkgroup -a id=1500 splunk
 +mkuser -a id=1500 pgrp=splunk gecos='​splunk'​ splunk
 +lsgroup splunk ; lsuser -a id pgrp groups splunk
 +chuser fsize=-1 data=2621440 rss=262144 splunk
 +
 +chgrpmem -m + splunk oinstall 2>/​dev/​null
 +}
 +
 +#​-----------------------
 +create_fs()
 +{
 +echo "​Create /​opt/​splunkforwarder filesystem"​
 +mv /​opt/​splunkforwarder /​opt/​splunkforwarder1
 +mkdir /​opt/​splunkforwarder
 +chmod a+rx /​opt/​splunkforwarder
 +mklv -t jfs2 -y splunklv rootvg 1G
 +crfs -vjfs2 -m /​opt/​splunkforwarder -d splunklv -Ayes -a log=INLINE
 +mount /​opt/​splunkforwarder
 +chown splunk:​splunk /​opt/​splunkforwarder
 +mv /​opt/​splunkforwarder1/​* /​opt/​splunkforwarder
 +rm -r /​opt/​splunkforwarder1
 +startsrc -s splunkd
 +}
 +
 +#​-----------------------
 +stop_splunk()
 +{
 +echo "Stop process"​
 +stopsrc -g splunk
 +for i in $(ps -ef | grep -v grep | grep splunk | grep -v install_splunk | awk '​{print $2}')
 +do
 +kill $i
 +done
 +ps -ef | grep splunkd |grep -v grep
 +}
 +
 +#​-----------------------
 +backup()
 +{
 +mkdir -p /​opt/​splunkforwarder
 +mkdir -p /root/old
 +cd /​opt/​splunkforwarder/​etc/​system/;​ tar cvf /​root/​old/​splunk_local.tar local
 +rm /​etc/​rc.d/​init.d/​splunkforwarder /​etc/​rc.d/​rc2.d/​K10splunkforwarder ​ /​etc/​rc.d/​rc2.d/​S10splunkforwarder
 +}
 +
 +#​-----------------------
 +install_bin()
 +{
 +echo "​Install Splunk"​
 +mount nim01:/​repository1/​splunk/​aix /mnt
 +cd /opt
 +tar xvf /​mnt/​splunkforwarder-9.2.1-78803f08aabb-AIX-powerpc.tar
 +umount /mnt
 +}
 +
 +#​-----------------------
 +rebuild_outputs()
 +{
 +echo "​Overwrite:​ outputs.conf"​
 +cat > /​opt/​splunkforwarder/​etc/​system/​local/​outputs.conf << EOF
 +[tcpout]
 +defaultGroup = default-autolb-group
 +
 +[tcpout:​default-autolb-group]
 +server = splunk-prd.xxx:​9997
 +
 +[tcpout-server://​splunk-prd.xxx:​9997]
 +EOF
 +
 +}
 +
 +#​-----------------------
 +build_inputs()
 +{
 +echo "​Overwrite:​ inputs.conf"​
 +cat > /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf.tmp << EOF
 +[default]
 +host=myhostname
 +disabled=0
 +ignoreOlderThan = 30d
 +
 +EOF
 +
 +host2=`echo "​host="​$(hostname -s)`
 +cat /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf.tmp | sed "​s/​host=aixa065/​$host2/"​ > /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf
 +rm /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf.tmp
 +
 +}
 +
 +#​-----------------------
 +rebuild_inputs()
 +{
 +echo "​Modify:​ inputs.conf"​
 +cp /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf.tmp1
 +build_inputs
 +grep -vp '​\[default\]'​ /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf.tmp1 >> /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf
 +rm /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf.tmp1
 +}
 +
 +#​-----------------------
 +rebuild_server()
 +{
 +echo "​Modify:​ server.conf"​
 +cp /​opt/​splunkforwarder/​etc/​system/​local/​server.conf /​opt/​splunkforwarder/​etc/​system/​local/​server.conf.tmp
 +cat /​opt/​splunkforwarder/​etc/​system/​local/​server.conf.tmp | sed "​s/​^serverName\ =\ .*/​serverName\ =\ $(hostname -s)/" > /​opt/​splunkforwarder/​etc/​system/​local/​server.conf
 +rm /​opt/​splunkforwarder/​etc/​system/​local/​server.conf.tmp
 +}
 +
 +#​-----------------------
 +change_owner()
 +{
 +chown -R splunk:​splunk /​opt/​splunkforwarder
 +}
 +
 +#​-----------------------
 +configure()
 +{
 +echo "​Configure"​
 +
 +su - splunk -c "/​opt/​splunkforwarder/​bin/​splunk start --accept-license --answer-yes --auto-ports --no-prompt"​
 +
 +/​opt/​splunkforwarder/​bin/​splunk enable boot-start -user splunk
 +startsrc -s splunkd
 +}
 +
 +#​-----------------------
 +check_status()
 +{
 +echo "​Check"​
 +lssrc -Ss splunkd
 +
 +odmget -q subsysname="​splunkd"​ SRCsubsys
 +
 +startsrc -s splunkd
 +lssrc -s splunkd
 +
 +/​opt/​splunkforwarder/​bin/​splunk ​ btool check --debug
 +
 +echo "​Process"​
 +ps -ef | grep -v grep | grep splunk | grep -v install_splunk
 +}
 +
 +########################​
 +# main
 +########################​
 +version=$(cat /​opt/​splunkforwarder/​etc/​splunk.version | grep VERSION)
 +
 +create_user
 +
 +if [[ $(df -g | grep -c '/​opt/​splunkforwarder'​) == "​0"​ ]]
 +then
 +  stop_splunk
 +  create_fs
 +fi
 +
 +if [[ "​$version"​ != "​$splunk_version"​ ]]
 +then
 +  stop_splunk
 +  backup
 +  install_bin
 +  if [[ "​$(grep -c '​splunk-prd.xxx'​ /​opt/​splunkforwarder/​etc/​system/​local/​outputs.conf 2>/​dev/​null)"​ != "​2"​ ]]
 +  then
 +    rebuild_outputs
 +  fi
 +  if [ -e /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf ]
 +  then
 +    host1=$(grep -p '​\[default\]'​ /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf | grep '​^host='​)
 +    host2=`echo "​host="​$(hostname -s)`
 +    if [[ "​$host1"​ != "​$host2"​ ]]
 +    then
 +      rebuild_inputs
 +    fi
 +  else
 +    build_inputs
 +  fi
 +  change_owner
 +  configure
 +fi
 +
 +if [[ "​$(grep -c '​splunk-prd.xxx'​ /​opt/​splunkforwarder/​etc/​system/​local/​outputs.conf 2>/​dev/​null)"​ != "​2"​ ]]
 +then
 +  rebuild_outputs
 +  stop_splunk
 +fi
 +
 +if [ -e /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf ]
 +then
 +  host1=$(grep -p '​\[default\]'​ /​opt/​splunkforwarder/​etc/​system/​local/​inputs.conf | grep '​^host='​)
 +  host2=`echo "​host="​$(hostname -s)`
 +  if [[ "​$host1"​ != "​$host2"​ ]]
 +  then
 +    rebuild_inputs
 +    change_owner
 +    stop_splunk
 +  fi
 +else
 +  build_inputs
 +  change_owner
 +  stop_splunk
 +fi
 +
 +if [ -e /​opt/​splunkforwarder/​etc/​system/​local/​server.conf ]
 +then
 +  host1=$(grep '​^serverName'​ /​opt/​splunkforwarder/​etc/​system/​local/​server.conf | sed 's/\ //g')
 +  host2=`echo "​serverName=$(hostname -s)`
 +  if [[ "​$host1"​ != "​$host2"​ ]]
 +  then
 +    rebuild_server
 +    stop_splunk
 +    change_owner
 +  fi
 +fi
  
 +stopsrc -s splunkd; sleep 2; startsrc -s splunkd
  
 +check_status
 +</​code>​
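Review bot: As printed, the `host2` assignment in the final server.conf check of install_splunk.sh wraps `echo "serverName=$(hostname -s)` in backticks without closing the double quote, so the shell will fail on that line; `host2="serverName=$(hostname -s)"` is enough and needs no `echo`. build_inputs writes `host=myhostname` into the template while its sed searches for `host=aixa065`, so the hostname is never substituted and the later `host1`/`host2` comparison keeps calling rebuild_inputs; the expression should be `s/^host=myhostname/$host2/`. install_bin extracts the tarball as root directly from the NFS mount without checking that `mount` succeeded or that the archive matches a checksum recorded from the vendor download, and neither step has error handling, so a failed or tampered source still proceeds to `configure`. stop_splunk sends `kill` as root to every PID whose `ps -ef` line contains `splunk`, which can match unrelated processes; filtering on the `/opt/splunkforwarder/bin/` path would be narrower.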
monitoring/splunk.1711385660.txt.gz · Last modified: 2024/03/25 17:54 by manu