3.3.1 splunk server
#选择版本
https://www.splunk.com/page/previous_releases
#使用RPM的版本8.1.3
https://download.splunk.com/products/splunk/releases/8.1.3/linux/splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm
#使用DEB的版本8.1.3
https://download.splunk.com/products/splunk/releases/8.1.3/linux/splunk-8.1.3-63079c59e632-linux-2.6-amd64.deb[root@splunk ~]# rpm -ivh splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm
warning: splunk-8.1.3-63079c59e632-linux-2.6-x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID b3cd4420: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:splunk-8.1.3-63079c59e632 ################################# [100%]
cp: cannot stat ‘/opt/splunk/etc/regid.2001-12.com.splunk-Splunk-Enterprise.swidtag’: No such file or directory
complete[root@splunk ~]# cp /opt/splunk/swidtag/splunk-Splunk-Enterprise-primary.swidtag /usr/share/regid.2001-12.com.splunk
[root@splunk ~]# chown splunk:splunk /usr/share/regid.2001-12.com.splunk/splunk-Splunk-Enterprise-primary.swidtag[wazuh]
coldPath = $SPLUNK_DB/wazuh/colddb
enableDataIntegrityControl = 1
enableTsidxReduction = 1
homePath = $SPLUNK_DB/wazuh/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/wazuh/thaweddb
timePeriodInSecBeforeTsidxReduction = 15552000
tsidxReductionCheckPeriodInSec =
[wazuh-monitoring]
coldPath = $SPLUNK_DB/wazuh-monitoring/colddb
enableDataIntegrityControl = 1
enableTsidxReduction = 1
homePath = $SPLUNK_DB/wazuh-monitoring/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/wazuh-monitoring/thaweddb
timePeriodInSecBeforeTsidxReduction = 15552000
tsidxReductionCheckPeriodInSec =
最后更新于