SPLK-1002 Splunk Core Certified Power User – Installation and Configuration of Splunk Components Part 2

  1. Configure Search head From Splunk CLI

The 239 is visible here; 14 239 is our indexer. Now our search head, which is twelve dot 76, is able to search the logs on the indexer, which shows our configuration is successful. We have configured a Splunk instance to act as a search head. So far we have done this part using Splunk Web.

We’ll see how we can do this using the Splunk CLI. This is our indexer. We will not be touching the indexer because we’re configuring the search head. So I’m logging in on the search head. Let me switch to my application user, that is, splunk. Now I’ll go to my Splunk bin directory. Before we add our indexer, and since we have only one indexer as of now, I’ll go ahead and delete our present indexer: go to Distributed search, then Search peers, and delete it here. The tricky part is that if you want to add an indexer using the CLI, you must specify the username and password.

The command is splunk add search-server followed by the IP. What was our indexer’s IP? So this is our indexer IP, and the port is 8089, and you need to mention the remote username, which we mentioned as part of the web configuration. The username is admin. Similarly, we need to mention the remote password here. So this is the syntax: you need a capital U and a capital P in remoteUsername and remotePassword, and the search server is the indexer they belong to. This is my indexer. Add it to my Splunk search head. It will ask for my search head login. Okay, I have not mentioned my password.

The password I gave is my indexer password. That is the reason it is asking for my search head username and password: I’m changing the configuration of my search head, so it has to authenticate before the change can be saved. Now it says “peer added.” Let’s go back here and refresh this, and as we can see, our indexer came back up again. This is the way we add our indexer to the search head to configure an instance to act as a search head. Next, let us see what happens behind what we have added, and how to add an indexer to a search head by editing configuration files. This is quite complex. We’ll go through it slowly.

  1. Configure Search head From editing Configuration Files

In the previous video, we saw how to configure a Splunk instance to act as a search head using the web console, that is, by adding the indexer IP and port details (8089 and the indexer IP), and using the CLI, by mentioning the remote user’s and the Splunk search head user’s passwords. Now we need to see what exactly happens during the search head configuration.

That is, what happens the first time we enter these details, so that we can understand how to configure a search head by editing configuration files. This is the search head. I have deleted the previously added indexers. Let me refresh to confirm Search peers, and there is nothing as of now. I’ve cleaned off other configurations that were part of our web configuration and CLI configuration in order to start fresh. Now we are in our Splunk search head instance. Before we begin editing the configuration here, we must ensure that the certificate present in etc/auth under Splunk home on this search head is valid. This is the distServerKeys directory.

These keys are the means by which the search head and your indexer communicate. So we need to copy this trusted key from the search head to our indexer machine at the same location, that is, Splunk home, etc/auth/distServerKeys. But make sure you create a directory there that is named after your search head’s host name so that the indexer can identify which key belongs to which server. So I am creating a directory based on the host name. I’ll go into the directory. Now I’ll copy this file; I would rather not display the trusted key, but no matter: by the time you see these videos, I’ll have disabled these machines, or probably deleted them. So there are no issues. We need the trusted key. Let me create trusted.pem and use the same key. Hopefully, there will be no syntax errors. We’ll see if we face any issues. So this is our search head.

Once we have copied our keys onto our indexer, the search head keys have been successfully copied, as you can see. This will be the complete location on the indexer where the keys are located: under distServerKeys, in the host name folder, where the key has just been created. This is our key. The configuration file on the search head is distsearch.conf, under /opt/splunk/etc/system/local. Here we need to place this syntax: distributedSearch is the configuration stanza name, and servers is the list of your indexers. Here you can specify a comma-separated list of any number of indexers so that the search head is configured to search all of them. Let me copy this. Paste it here. Save it.

Since we have edited the configuration, let us restart this instance. Once it is up, we should be able to see the peer without entering any credentials, simply because we copied our keys. We can see that the configuration is now under Distributed search. Our indexer should show as up and running, and indexer logs should be fetchable from our search head. As you can see, the status is up, replication is successful, and the health status is healthy. Use index=_internal so that we can quickly run a search over Splunk’s internal logs. Let’s go for a real-time search over the last five minutes. You’ll see there are two hosts. Our indexer is 14 239.

We have now successfully configured our search head using three different methods. The first one uses Splunk Web, under Settings, Distributed search. The second is by adding a search server using the syntax /opt/splunk/bin/splunk add search-server, followed by the remote username and password, along with IP and port details. After entering this command, it will ask for your Splunk search head login. Once we have done that, we’ll be able to see a similar screen where the indexer is up and able to communicate with your search head. An internal index search should be able to tell you that your indexer is communicating with the search head and that your Splunk component is now acting as a search head.
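The configuration-file method described above, staged in a scratch directory, as an added example that is not from the original video. The host name `sh01`, the `10.0.0.x` peer addresses and the key contents are constructed placeholders, and `SH_HOME` / `IDX_HOME` stand in for Splunk home on the search head and the indexer; the file permissions are a hardening choice made for this example.

```shell
#!/bin/sh
# Added example: stage the file-based search peer setup in a scratch directory.
# SH_HOME and IDX_HOME stand in for $SPLUNK_HOME on the search head and indexer.
set -eu

# Accept only host:port with a plain host name or IPv4 and a port in 1-65535.
valid_peer() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    host=${1%:*}
    port=${1##*:}
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Copy the search head's public key into a directory named after the
# search head on the indexer. Only trusted.pem is copied; the private key
# never leaves the search head.
install_sh_key() {   # $1=SH_HOME  $2=IDX_HOME  $3=search head name
    src="$1/etc/auth/distServerKeys/trusted.pem"
    dst_dir="$2/etc/auth/distServerKeys/$3"
    [ -s "$src" ] || { echo "missing or empty key: $src" >&2; return 1; }
    mkdir -p "$dst_dir"
    cp "$src" "$dst_dir/trusted.pem"
    chmod 700 "$dst_dir"
    chmod 600 "$dst_dir/trusted.pem"
}

# Write the [distributedSearch] stanza with a comma-separated servers list.
write_distsearch() {  # $1=SH_HOME, remaining arguments = peers as host:port
    home=$1
    shift
    servers=""
    for peer in "$@"; do
        valid_peer "$peer" || { echo "bad peer: $peer" >&2; return 1; }
        servers="${servers:+$servers,}https://$peer"
    done
    [ -n "$servers" ] || { echo "no peers given" >&2; return 1; }
    mkdir -p "$home/etc/system/local"
    printf '[distributedSearch]\nservers = %s\n' "$servers" \
        > "$home/etc/system/local/distsearch.conf"
}

# Demo run on constructed data (no Splunk installation is touched).
DEMO=$(mktemp -d)
SH_HOME="$DEMO/searchhead"
IDX_HOME="$DEMO/indexer"
mkdir -p "$SH_HOME/etc/auth/distServerKeys"
# Constructed stand-in for the search head's real public key file.
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'CONSTRUCTED-SAMPLE-ONLY' \
    '-----END PUBLIC KEY-----' > "$SH_HOME/etc/auth/distServerKeys/trusted.pem"

install_sh_key "$SH_HOME" "$IDX_HOME" "sh01"
write_distsearch "$SH_HOME" "10.0.0.11:8089" "10.0.0.12:8089"
cat "$SH_HOME/etc/system/local/distsearch.conf"
# A restart of the search head is still needed for the new file to take effect.
```

With the CLI method, leaving the passwords off the command line and letting the utility prompt for them, as happens in the walkthrough, keeps them out of shell history and the process list.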

  1. Configure Heavy Forwarder using Splunk Web and CLI

Now that we’ve seen how to set up a Splunk component as a search head and how to set up a Splunk component as an indexer, let us go through how we can configure our heavy forwarder, that is, an instance that receives and forwards data without storing any of it. The heavy forwarder functionality, which we already know from previous modules and discussions, is that it sends data received from the universal forwarder to the indexers. We need to do a similar step of adding receiving on a specific port, which we have seen three ways of doing in our indexer configuration. To add receiving on a specific port, I’ll use the Splunk web console, which is a simple method. This is our heavy forwarder.

Its web console is on port 8000. We should be able to do it with our CLI as well. Let me log in. Let me switch to my application account, that is, splunk. Okay, now go to the Splunk bin directory; we all know how to configure receiving using the Splunk CLI by now. Let me run the command splunk enable listen. We did the same thing when configuring the indexer. In this step, we have enabled Splunk to listen on port 9997. It is asking for my Splunk credentials. It says it is listening for Splunk data on port 9997. We’ve set up receiving. Now we can go ahead and check in Splunk Web under Settings, Forwarding and receiving. Under receiving it should show 9997. This is our heavy forwarder instance.

We have successfully set up the functionality of receiving the logs. Now we know the other two methods as well. If you’re still having trouble with the other two methods, you should watch the indexer configuration video again. From there, you’ll be able to see what the other two methods are, which are via the web and by directly editing the configuration files. The second functionality of our heavy forwarder is to forward the data that has been received from the universal forwarder and pass it on to the indexer. There are three methods for configuring forwarding. We’ll be going through them one by one. The first method is, of course, through Splunk Web or the GUI. Go to Settings > Forwarding and receiving. You will be revisiting the same page. Select “Configure forwarding” or “Add new.” Go through “Configure forwarding” and you will see there is nothing there yet.

We’ll click on “New” and enter the host and the port where we need to send the logs. The port number is 9997, which we know. The host is our indexer. Let us grab the indexer IP. 9997 is the port number; we know this because, during our indexer configuration, we enabled receiving on 9997. This will be our forwarding port. Click on “Save.” As a result, the heavy forwarder should be able to perform the initial parsing and send the data to your indexer. Other features, such as event routing, data masking, and data filtering, will be covered in the later sections of our tutorials. From our configuration perspective, this is how we configure a heavy forwarder so that it receives the logs and sends them to our indexer. To understand our second method, we’ll just delete this configuration.

We’ll add the same configuration again using the second method, that is, our CLI. Now that we have deleted the configuration, log in to our Splunk heavy forwarder instance. Navigate to the Splunk bin directory. In the previous tutorial, while learning how to configure a search head, the command for adding an indexer was add search-server. Here it will be add forward-server, which forwards the logs to your indexer on port 9997. So it says “added forwarding to” this IP on this port. Let us refresh this page. We should be able to see the configuration. Yes, the configuration we added from the Splunk CLI has appeared. Let’s see how we can do this by editing the configuration files.

  1. Configure Heavy Forwarder using Splunk Configuration File Edit

So we now know how to configure a heavy forwarder to forward data to the indexer via web and CLI. Now we’ll set it up by editing the configuration file. Log in to our heavy forwarder; this is our heavy forwarder machine. Let us quickly check the forwarding that was previously added. I will just remove that configuration so we can add our indexer’s IP and port details again by editing the configuration file. As we can check now, we are not forwarding data to any of the indexers.

Let us go back to our heavy forwarder. To forward data out of Splunk to any instance, say from a universal forwarder to an indexer or from a universal forwarder to a heavy forwarder, or, put simply, whenever you want to send data out of your Splunk instance, you will always use this configuration file: outputs.conf. The configuration files are named very specifically for the functions they carry out. inputs.conf is used to get data into Splunk; outputs.conf is used to send data out of that Splunk instance. There is a typical syntax to follow. This will be the syntax that we need to put in our outputs.conf.

That is, create a tcpout configuration stanza and mention the default group of indexers or heavy forwarders. So this will be our default group, and then I’ll list the servers that make up that group. For our group, we have only one indexer. If we have multiple indexers, we can add them separated by commas, for any number of heavy forwarders or indexers to which we need to send the data out of Splunk. This is our tcpout server.

The Splunk heavy forwarder sends the parsed output to this server. I’ll copy and paste this into a new file and save it. But we’ll still not be able to see the configuration, because we have edited one of the configuration files, which requires a restart. So let’s proceed with restarting Splunk. Once you restart Splunk, you should be able to see the new forward server that has been added, in the default group, which is the default heavy forwarder group name, and we have one server in it. Splunk has started. Let us check. I’ve entered my password wrong. Once it loads up, you’ll be able to see the new forward server that has been added. This is our new indexer. We have done two configurations to better understand the heavy forwarder: one is forwarding, one is receiving. Receiving is similar to the step that we performed for the indexer. The forwarding part is similar to the universal forwarder, which we’ll be seeing shortly. That is how you can send the logs from the universal forwarder to your indexer.
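The two heavy forwarder files described in this section, written into a scratch directory and then checked, as an added example that is not from the original video. The group name `primary_indexers` and the `10.0.0.x` addresses are constructed placeholders, `HF_HOME` stands in for Splunk home on the heavy forwarder, and the check handles a single default group only.

```shell
#!/bin/sh
# Added example: stage a heavy forwarder's receiving and forwarding config
# in a scratch directory and verify that the forwarding group is consistent.
set -eu

# inputs.conf: receive forwarder traffic on the given port.
write_receiver() {   # $1=SPLUNK_HOME  $2=port
    mkdir -p "$1/etc/system/local"
    printf '[splunktcp://%s]\ndisabled = 0\n' "$2" \
        > "$1/etc/system/local/inputs.conf"
}

# outputs.conf: a [tcpout] stanza naming the default group, then the group
# stanza with its comma-separated list of receivers.
write_forwarding() { # $1=SPLUNK_HOME  $2=group name  $3=host:port[,host:port...]
    mkdir -p "$1/etc/system/local"
    printf '[tcpout]\ndefaultGroup = %s\n\n[tcpout:%s]\nserver = %s\n' \
        "$2" "$2" "$3" > "$1/etc/system/local/outputs.conf"
}

# Print the receivers of the default group, one per line. Fails when
# defaultGroup is missing or names a group that has no server list, which
# is the usual reason a restarted forwarder sends nothing.
tcpout_targets() {   # $1 = path to an outputs.conf
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^\[/ {
            stanza = $0
            sub(/^\[/, "", stanza)
            sub(/\][ \t]*$/, "", stanza)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (stanza == "tcpout" && key == "defaultGroup") group = val
            if (key == "server") servers[stanza] = val
        }
        END {
            k = "tcpout:" group
            if (group == "" || !(k in servers)) exit 1
            n = split(servers[k], t, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) print t[i]
        }
    ' "$1"
}

# Demo run on constructed values (no Splunk installation is touched).
HF_HOME="$(mktemp -d)/heavyforwarder"
write_receiver "$HF_HOME" 9997
write_forwarding "$HF_HOME" "primary_indexers" "10.0.0.11:9997,10.0.0.12:9997"
tcpout_targets "$HF_HOME/etc/system/local/outputs.conf"
# A restart of the forwarder is still needed for edited files to take effect.
```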

  1. Configure Deployment Server From Splunk Web

We know very well by now that the deployment server is a centralised management console from which you can deploy any configuration related to our Splunk infrastructure or any component in it. Now we will see how to configure the deployment server. The best and possibly the only way is to create a serverclass.conf configuration file, which is responsible for your deployment server feature. You’ll be able to see that this is the only way to enable your deployment server, and it is always placed under system/local. This is the only file that should be placed in the system/local directory on your deployment server and in any other Splunk component. This is the file that will be under system/local wherever the instance is acting as a deployment server.

We’ll see how effective a deployment server can be, and how it can accomplish in a matter of minutes a task that needs to be performed by a Splunk admin or Splunk architect, when we build our own enterprise-level Splunk architecture with high availability and multi-site clustering, just for learning purposes, on Amazon AWS. Let us proceed now and configure one Splunk instance as a deployment server by creating a serverclass.conf. Before that, we’ll log into our deployment server. For this tutorial, we’ll be using the deployment server and licence manager on one server.

This is our deployment server IP. And by the way, do not try to log in to these instances, because by the time you are watching these videos, hopefully they will have been terminated. The instances will be terminated, and I’ll be building a completely new lab setup so that once you enroll for the complete package of this tutorial, you’ll have access to a lab environment where you can run your searches, create dashboards, create alerts, and see how the environment is performing. It will be completely free for your search experience in Splunk, of course, if you purchase the entire package of this course.

Now, this is our deployment server. We’ve signed in. Go to “Forwarder Management,” which is another big topic in Splunk that we’ll be discussing at a later stage; this tutorial is strictly about how to configure the deployment server, and forwarder management will be a separate concept in the tutorials that follow. Now, click on Forwarder Management; this is the default screen with the most recent Splunk version, which is 6.6.2. Yes, if you check the Splunk version, it is 6.6.2. This is the latest version as of today, and the deployment server cannot be enabled from the UI using Forwarder Management. The Forwarder Management menu doesn’t have any option that can enable the deployment server from the web console.

  1. Configure Deployment Server From Splunk Configuration Edit

Let us proceed and configure one of our Splunk instances, which is hosted on Amazon Web Services (AWS), as a deployment server by creating a server class. So please allow me to log into our deployment server, a dedicated Splunk instance that we have set up as a deployment server for the time being. Let us see how we can configure it. I’ll log in as the application user. Yes, I am the splunk user here. That is our application user. Let me see whether Splunk is running or not. Yes, Splunk is running. Let us confirm whether our Splunk instance was previously configured as any other component or already enabled as a deployment server.

So I’ll log into Splunk Web. To configure the deployment server, as of now, we have only one method, which is editing the configuration file. We will be adding a file called serverclass.conf. To check whether your Splunk instance is acting as a deployment server or not, all you need to do is go to Settings > Forwarder Management, and as you can see, it says deployment server in the URL. As of now, we have not set up the deployment server. Let’s go ahead and make this instance a deployment server. Log back into the CLI. As I said earlier, we have only one method for enabling the deployment server. That is done by creating serverclass.conf. That is, we will be editing the configuration file directly on the back end. We’ll go to Splunk home, etc/system/local. So as of now, we don’t have the file serverclass.conf. This is the configuration file that is responsible for making a Splunk instance act as a deployment server. Simply create the file and add these four lines to it. This is a global stanza. Let me go through them quickly. But we’ll be dealing separately with how to create separate groups using a deployment server, deploy specific apps, and what the syntax is for everything in a separate module. As of now, just remember these four lines.

So this is a global configuration that we are defining in the deployment server, and we are whitelisting all the clients. We are creating a group called All Apps, and we’ll be deploying everything to the instances that match our global stanza. This is referred to as a “default configuration.” But in production, it will never be the same. This is just for enabling this instance as our deployment server. Let me save this file. Since we have edited our configuration file, I’ll restart my deployment server. Once it is up, you’ll be able to see the complete deployment server UI changes. You’ll be able to see additional menus, and this UI will look completely different. Now that our Splunk deployment server is up, let us log in again. As you can see, we have a completely new user interface that was never visible here before. As you can see, we have the server class that we created. That is the group name.

Server classes are nothing but groups, and at present we don’t have any applications deployed. We’ll see how we can deploy applications to the groups and how to add clients in the following sessions. And later in the course, we will see how the deployment server is used to create server groups, create apps on clients, and deploy the configuration of those clients from the deployment server. Now, let us proceed further to see how to add a client to report to our newly added deployment server. To add a client to the deployment server, we have just two different ways of doing it for all components of Splunk, including the universal forwarder: by the Splunk CLI or by editing a configuration file. Let us see them one by one.

  1. Adding Clients to Deployment Server

Let’s go back and let me see which of my Splunk instances are up. Our search head is now operational. Let us make our search head report to our deployment server. A search head is nothing but another component of Splunk, whose configuration can also be managed by our deployment server. I have logged in as my application user. Let me check whether my Splunk instance is up on this search head. Yes, it is up and running. So which method will we be using to add our search head? Let us use our CLI, /opt/splunk/bin/splunk. This is our utility. This is the utility to add, modify, or remove any configuration of Splunk.

We’ll be using set deploy-poll with the IP address of our deployment server as the argument. Let me quickly grab that. This is our IP address, and the port number will be 8089, which is the management port. So now the Splunk utility is asking for our Splunk credentials. Okay, it says the configuration is updated. Let us restart our client, which is going to report to our newly added deployment server. This is one method of adding clients to our deployment server, so that the client will report to our deployment server and fetch the configuration. And this configuration will be deployed on this instance of Splunk. It can be a search head, a heavy forwarder or an indexer, or even a universal forwarder. Let us see. Our client has started talking to our deployment server. Once the client initiates the connection, you will be able to notice that this zero clients will become one.

Let me validate the connection quickly. Yes, it is able to connect to our deployment server. In the meantime, we’ll see how we can add other deployment clients. By the time the search head reports to this deployment server, we will see how we can make the universal forwarder that has been installed on our Windows machine report to our newly created deployment server. We can also use the CLI for this. We already know that Splunk’s home directory is under C:\Program Files, and from its bin directory we can run set deploy-poll with the IP address and the port details in the same way. If we hit enter, it will start reporting to our deployment server. This will be your set. Yes, this will be your sole authority. However, we will be editing configuration files in order to cover the other method of doing so.

Go to C:\Program Files, the Splunk home, etc\system\local. Here we’ll be creating a new file called deploymentclient.conf. The deploymentclient.conf file is the one that holds the details of your deployment server and makes sure the communication is proper. We have now changed our configuration. Let us retrace our steps together. Just keep in mind that we have two methods. One is using the CLI, which is splunk.exe set deploy-poll with the IP and port number. The second one is editing deploymentclient.conf. So let’s bring up the server so we can refresh our deployment client, sorry, deployment server, and see if the clients are reporting. Yes, we have had one client report.

That is our search head, which we previously added. As you can see, this is the search head. Usually it takes a couple of minutes before a client pops up, because the deployment client communicates using what is called “phoning home.” So each client will phone home every 30 to 60 seconds by default. This value is completely customizable. Depending on our flexibility and the architecture design, we can change it from 1 minute to 5 minutes or 10 minutes. Let’s take a look at the connectivity from our local universal forwarder. Okay, I don’t have telnet installed. No issues. We’ll notice that it should be reporting to our deployment server within a minute or so. So this is basically it. We have created a deployment server. We have created a serverclass.conf on a Splunk Enterprise instance to make it act as a deployment server.

We saw that once you have added server classes, the entire UI under Forwarder Management changes and gives us more information. Once we have this, we can have clients. To enable the clients, you have two methods. One method is to use the Splunk CLI (splunk.exe set deploy-poll with the IP followed by the management port number). Similarly, in editing configuration mode, we add deploymentclient.conf under system/local to make the instance report to our deployment server. See now that this is my local PC, which has successfully reported to our deployment server. And now we have successfully set up our deployment server and also added multiple clients so that our deployment server can talk to them and deploy the configuration.
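The deployment server and client files from the last two sections, staged in a scratch directory, as an added example that is not from the original video. It writes the permissive lab form of serverclass.conf that whitelists every client, a scoped variant of the kind the narrator alludes to for production, and a deploymentclient.conf; the `10.0.0.x` addresses, the client pattern and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: stage deployment server and client config in a scratch
# directory, and flag whitelists that admit every client that phones home.
set -eu

# Lab form: the [global] whitelist matches all clients.
write_serverclass_lab() {      # $1 = deployment server SPLUNK_HOME
    mkdir -p "$1/etc/system/local"
    cat > "$1/etc/system/local/serverclass.conf" <<'EOF'
[global]
whitelist.0 = *

[serverClass:AllApps]

[serverClass:AllApps:app:*]
EOF
}

# Scoped form: only clients matching the pattern join the server class.
write_serverclass_scoped() {   # $1 = SPLUNK_HOME  $2 = client pattern
    mkdir -p "$1/etc/system/local"
    printf '[global]\n\n[serverClass:AllApps]\nwhitelist.0 = %s\n\n[serverClass:AllApps:app:*]\n' \
        "$2" > "$1/etc/system/local/serverclass.conf"
}

# Client side: where to phone home and how often.
write_deployment_client() {    # $1 = client SPLUNK_HOME  $2 = host:port  $3 = seconds
    mkdir -p "$1/etc/system/local"
    printf '[deployment-client]\nphoneHomeIntervalInSecs = %s\n\n[target-broker:deploymentServer]\ntargetUri = %s\n' \
        "$3" "$2" > "$1/etc/system/local/deploymentclient.conf"
}

# Print every stanza whose whitelist entry is a bare "*".
open_whitelists() {            # $1 = path to a serverclass.conf
    awk '
        /^\[/ { stanza = $0; next }
        /^[ \t]*whitelist\.[0-9]+[ \t]*=[ \t]*\*[ \t]*$/ { print stanza }
    ' "$1"
}

# Demo run on constructed values (no Splunk installation is touched).
LAB=$(mktemp -d)
DS_LAB="$LAB/ds-lab"
DS_SCOPED="$LAB/ds-scoped"
CLIENT="$LAB/client"
write_serverclass_lab "$DS_LAB"
write_serverclass_scoped "$DS_SCOPED" "10.0.0.*"
write_deployment_client "$CLIENT" "10.0.0.20:8089" 60

echo "open whitelists in lab config:"
open_whitelists "$DS_LAB/etc/system/local/serverclass.conf"
echo "open whitelists in scoped config:"
open_whitelists "$DS_SCOPED/etc/system/local/serverclass.conf"
# Both the deployment server and the client need a restart after these edits.
```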

  1. Deployment Client Config CLI and on Configuration Edit on Universal Forwarder

We have seen from our previous tutorials how to install a universal forwarder. Let’s look at how we can get the universal forwarder to send logs to our Splunk indexer. Since the universal forwarder is a lightweight package, we don’t have any web console for managing the configuration. The configuration of the universal forwarder is done entirely by editing the configuration file or by using the Splunk CLI to configure the universal forwarder to send the logs to the indexer. Let us check out both ways of doing it. The first method is adding your indexer’s IP. This is my Splunk universal forwarder installed on my local laptop, which is supposed to send logs to our indexer in the cloud. Let us quickly get to the indexer.

So this is the indexer, and from our previous tutorials, you should be aware that by now we have enabled our Splunk instance to receive logs, that is, to act as an indexer. And also, we have created an index to hold the incoming data. The first method is through Splunk’s CLI. We’ll run splunk.exe add forward-server, followed by the indexer’s IP address and receiving port. In our previous tutorials, while we were discussing how to configure a Splunk instance as an indexer, we set up receiving on our indexer. We can quickly validate that by logging into our indexer. So we have logged in. Let me change to my application user, which is splunk. So I have logged in as the application user. I’ll verify that Splunk is up. Yes, and I’ll verify that port 9997 is being used by Splunk. Yes. Our splunkd process, as you can see, is listening on port 9997.

Now, this is one way of sending the logs that are collected locally by our universal forwarder to the indexer. The parameter should be in the form of the IP, a colon, and 9997. It is asking for my Splunk universal forwarder login. The forward server is added once you have successfully logged in. So that is the command: splunk.exe on Windows, or on Linux /opt/splunk/bin/splunk, add forward-server with your indexer’s IP address and listening port. Once this has been added, the forwarder can send the logs via this. Or you can directly edit the configuration, that is, under C:\Program Files, the Splunk home, which is our SplunkUniversalForwarder, etc\system\local, and the file will be outputs.conf. Once you open outputs.conf,

you’ll be able to notice that this is the configuration that we added. It has created a group like the one we saw on the heavy forwarder. It was outputs.conf that held the group there too, and it will auto balance. And if we have multiple IP addresses or indexers, we can just specify them by adding a comma followed by the other indexer and its receiving port. So as of now, we’ll leave it, since we have only one indexer. We will see how to add multiple indexers, how to enable clustering, and all these complex concepts, including the deployment server and how to deploy configuration, when we are building our own enterprise-level multi-site indexer clustering on Amazon AWS. For simplicity, just remember this is our indexer configuration, that is, the IP and the port number that are mentioned in the outputs.conf file.

Once it has been mentioned, make sure you have restarted the Splunk service. splunk.exe restart has completed. So, as mentioned earlier, there are two methods. One is your CLI. The second is to edit outputs.conf directly. Once our indexer starts receiving data, we should be able to search it from our search head by the time our Splunk universal forwarder has restarted. Let me log into our search head. So this is the search head. We have restarted our Splunk instance, that is, our universal forwarder. This one is our deployment server. We can ignore this. Let us now see if we are receiving the logs sent from our universal forwarder. I’ll just search for index=* and see what data we have received in the last 24 hours. We have had 310 events in a matter of minutes. As you can see, this is from my local laptop PC, which is sending my logs, which are collected for CPU load, the network interface and available memory. These are scripts that are running on the universal forwarder, and they are collecting the information and sending the logs to our indexer. This validates the universal forwarder configuration against our indexer.

  1. Splunk License Manager Configuration

The final discussion of this module is how to upload our licence to the installed Splunk component that acts as a licence manager. In our scenario, we will be making our deployment server our licence manager. You will be able to see that the process is very easy, and the licence server can be either a search head, an indexer, a deployment server, or even your cluster master. To begin, ensure you have your licence, which you should have received via email or downloaded from your portal on Splunk. As of now, I don’t have the licence, and I’ll be downloading it from my portal, which is Splunk.com. In our previous tutorials, we have seen how to get this free licence of 10 GB per day, free of charge. And you can get this licence in two ways: via email and by logging into your portal at any time. I’m just logging in, so once I’ve logged in, go to instances. It takes you to a separate portal where you can see all of the licences you have and which ones are valid and which are invalid. Let me go to the customer portal. So this is the typical customer portal.

You can directly log in using this link, or you can log in from the home page and visit your profile. You will be brought to this page, where you can click on My Licenses. This is the one I have valid as of now, and I’ll be downloading it. This is my licence. Either you can copy and paste it or download this licence as XML. For this tutorial, I have downloaded my XML and copied it to my clipboard. So, once I’ve copied everything, I’ll log into my deployment server. Just 52 and 25. Yes, this is our deployment server. Here you have two methods for applying your licence. The first method is via Splunk Web. You have other methods, where you can upload the licence to your server and copy it to the licence directory, and then you can add your licence.

But this is the simplest one: go to Settings and Licensing. As you can see, it has multiple options. We’ll click on “Add license.” Here we have a copy-and-paste option where I can paste the licence from the portal, or I can upload the licence XML using the “Browse” button here. So I’ll copy and paste. Click Install. It says a restart is necessary. Go ahead, restart it. Once you have restarted, you will have a complete Splunk instance with a ten-gigabyte licence, which can be used for learning purposes and also for creating apps and troubleshooting issues in the community. If somebody uploads a sample file, you can have your own instance where you can take those sample logs, upload them, and assist the people in the community. This 10 GB licence is extremely valuable at this point. With this 10 GB of free licensing, you will have access to all of Splunk’s features. So now we have added our licence. I’ve logged in again post-restart; let me check my licensing. Now, as you can see, it says I have a Splunk developer personal licence, which is valid through September 20 of this year. As you can see, today we have not used much. We have ten gigabytes left of our licence quota.

  1. Splunk Licensing Pool and Client Configuration

Now we have seen how to download the licence and upload it to our licence manager. We have something called “licence pools,” and we assign licence volume to a specific pool. As you can see, there is a button just below your licence bar, and you can add a pool, for example for my main site indexers. This licence quota is then for my main site indexers only. This is simply a logical separation. That means I have a 10 GB licence; I will give eight GB only to my main site and two GB to other components. You can differentiate or limit certain groups based on a specific number or set of criteria. The pool’s maximum is a specific amount, like five GB.

I’ll give five GB to my main site indexers and the other five GB to other indexers, if you have any specific indexers. As of now, we have only one indexer that is eligible. You can select all your main site indexers that are available and make this a specific group. As of now, I’ll click Cancel. But this is how the concept works. You can create a new group where you can assign a specific amount of licence to a specific group of indexers. Now, we have added this licence. Let’s make our indexer report to this licence manager; this is the master, and I need to make my other Splunk instances, like the indexer, report to this master for licensing. I’m logging into my indexer. As you can see, this is our Splunk indexer. I grabbed the IP and am logged into it now. This indexer currently has a 500 MB licence. As you can see, this doesn’t have an enterprise licence. It has only the free licence that comes as part of your installation package.

If we wanted to make it a licence manager, we would add a licence here. But now, since we already have a licence manager, we’ll make this indexer a slave that reports to that licence manager. What is our licence manager IP? This is the IP, and the port number is 8089. We have set this indexer to report to our new licence manager. Let’s restart it. Once restarted, we’ll be able to see the consumption of our indexer right below this, so that we will have a good view of how much this indexer is consuming. Similarly, we can make our search heads and other indexers, including heavy forwarders, report to the licence manager, so that the licence calculation and tracking of these licences happens there, giving you the overall picture. Let me restart this once more from the CLI so that we will know when the restart actually completes, instead of from the web component, where it just keeps on reloading.

As you can see, our indexer has already started reporting. It has used 46 MB. But unfortunately, we are unable to load the GUI. I think once this is up, we should be able to load it. Our indexer is 14 239. Yes, as you can see here, 14 239. So let it restart. Now our Splunk indexer is up. Let us reload this. Yes. Now we are able to log in. Once we have logged in, you can see that the licensing page of the indexer no longer contains any information whatsoever, except for the URL specifying our licence manager. So if you go to Settings and Licensing, this is how it looks. It says this is your indexer name, but the licence master URI is this one. If you want to know more about licensing, go to this server, your licence manager. If you come here, as you can see, the indexer has consumed 46 MB of our 10 GB licence. Let me refresh the page. It’s almost 46 MB. Since we have our local universal forwarder, which is installed on my laptop and sending data to the cloud, we have around 46 MB of data as of now.
