# Choose a version
https://www.splunk.com/page/previous_releases
# RPM package, version 8.1.3
https://download.splunk.com/products/splunk/releases/8.1.3/linux/splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm
# DEB package, version 8.1.3
https://download.splunk.com/products/splunk/releases/8.1.3/linux/splunk-8.1.3-63079c59e632-linux-2.6-amd64.deb
# Install the downloaded RPM as root (see the prompt).
# The NOKEY warning in the output means rpm has no public key for key ID b3cd4420,
# so the package signature was NOT verified; the install proceeded regardless.
# Before installing, import the vendor's signing key and check the file, e.g.
#   rpm --import <path-to-splunk-public-key>     (placeholder path)
#   rpm -K splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm
# and compare the file's checksum with the value the vendor publishes for this build.
# The "cp: cannot stat ... swidtag" line is printed during the install; "complete"
# shows the install finished anyway. The swidtag is then copied by hand further down.
[root@splunk ~]# rpm -ivh splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm
warning: splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID b3cd4420: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:splunk-8.1.3-63079c59e632 ################################# [100%]
cp: cannot stat ‘/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag’: No such file or directory
complete
# Manual workaround for the failed copy: place the swidtag shipped under
# /opt/splunk/swidtag into /usr/share/regid.2001-12.com.splunk and hand it to the
# splunk account.
# NOTE(review): the chown path assumes /usr/share/regid.2001-12.com.splunk already
# exists as a directory; if it does not, cp creates a plain file with that name and
# the chown fails. Confirm, or create the directory first.
[root@splunk ~]# cp /opt/splunk/swidtag/splunk-Splunk-Enterprise-primary.swidtag /usr/share/regid.2001-12.com.splunk
[root@splunk ~]# chown splunk:splunk /usr/share/regid.2001-12.com.splunk/splunk-Splunk-Enterprise-primary.swidtag
# Index definition for Wazuh data (presumably placed in indexes.conf; the page does
# not name the file). Comments must stay on their own lines: Splunk .conf files do
# not support trailing comments after a value.
#
# homePath / coldPath / thawedPath: bucket locations under $SPLUNK_DB/wazuh.
# maxTotalDataSizeMB = 512000: size cap for the whole index (about 500 GB). When the
#   cap is reached the oldest buckets are frozen, which deletes them unless an archive
#   target (coldToFrozenDir or coldToFrozenScript) is configured. No such setting is
#   shown here, so size the cap against the retention the security data needs.
# enableDataIntegrityControl = 1: Splunk hashes the raw data slices so tampering or
#   corruption can be detected later with `splunk check-integrity -index wazuh`.
#   The hash files are stored with the buckets; keep a copy elsewhere if they are to
#   serve as tamper evidence against someone with write access to the index.
# enableTsidxReduction = 1 with timePeriodInSecBeforeTsidxReduction = 15552000:
#   index files of buckets older than 180 days are reduced to save disk; searches
#   over that older data become slower.
# tsidxReductionCheckPeriodInSec is left empty.
#   NOTE(review): presumably the built-in default applies. Confirm the effective
#   value with `splunk btool indexes list wazuh --debug`, or set it explicitly.
[wazuh]
coldPath = $SPLUNK_DB/wazuh/colddb
enableDataIntegrityControl = 1
enableTsidxReduction = 1
homePath = $SPLUNK_DB/wazuh/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/wazuh/thaweddb
timePeriodInSecBeforeTsidxReduction = 15552000
tsidxReductionCheckPeriodInSec =
# Second index definition, wazuh-monitoring, with its own bucket directories under
# $SPLUNK_DB/wazuh-monitoring.
# maxTotalDataSizeMB = 512000 caps the index at about 500 GB; the oldest buckets are
#   frozen (deleted unless an archive target is configured) once the cap is reached.
# enableDataIntegrityControl = 1 turns on hashing of raw data slices; verify with
#   `splunk check-integrity -index wazuh-monitoring`.
# enableTsidxReduction = 1 reduces index files of buckets older than
#   timePeriodInSecBeforeTsidxReduction = 15552000 seconds (180 days).
# tsidxReductionCheckPeriodInSec is left empty.
#   NOTE(review): presumably the default applies; confirm with
#   `splunk btool indexes list wazuh-monitoring --debug`.
[wazuh-monitoring]
coldPath = $SPLUNK_DB/wazuh-monitoring/colddb
enableDataIntegrityControl = 1
enableTsidxReduction = 1
homePath = $SPLUNK_DB/wazuh-monitoring/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/wazuh-monitoring/thaweddb
timePeriodInSecBeforeTsidxReduction = 15552000
tsidxReductionCheckPeriodInSec =
# Receiving input for forwarder traffic on TCP port 9997 (presumably placed in
# inputs.conf; the page does not name the file).
# connection_host = ip: use the sender's IP address as the host value.
#   NOTE(review): for splunktcp this is a fallback that applies only when the
#   forwarder does not send a host itself; confirm against the inputs.conf spec.
# As written, the listener is cleartext and accepts connections from any address:
# the stanza sets neither TLS nor a source restriction. For security telemetry,
# consider a [splunktcp-ssl:9997] stanza with a server certificate, and limit
# senders with acceptFrom and/or a host firewall rule for the forwarder addresses.
[splunktcp://9997]
connection_host = ip
# Start Splunk, then register it to start at boot. The output shows an init script
# installed at /etc/init.d/splunk.
# NOTE(review): both commands are run as root (see the prompt), so splunkd will run
# as root unless a service user is specified. The install transcript uses a
# splunk:splunk account; to run as it, use `enable boot-start -user splunk` and make
# sure /opt/splunk is owned by that account before the first start.
# NOTE(review): the first start normally asks for licence acceptance and an admin
# username/password; that output is not shown on this page. Choose a strong admin
# password at that prompt.
[root@splunk ~]# /opt/splunk/bin/splunk start
[root@splunk ~]# /opt/splunk/bin/splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.