Install on FreeBSD

Install on FreeBSD

The FreeBSD builds comes in two forms: an installer (5.4-intel) and a tarball (i386). Both are TGZ files.

Upgrading?

If you are upgrading, review the upgrade documentation later in this manual and check READ THIS FIRST for any migation considerations before proceeding.

Prerequisites

For FreeBSD 8 , Splunk requires compatibility packages. To install the compatibility package:

1. Install the port:

portsnap fetch update

cd /usr/ports/misc/compat7x/ && make install clean

2. Add the package:

pkg_add -r compat7x-amd64

Basic install

To install FreeBSD using the intel installer:

pkg_add splunk_package_name-6.1-intel.tgz

This installs Splunk in the default directory, /opt/splunk/

To install Splunk in a different directory:

pkg_add -v -p /usr/splunk splunk_package_name-6.1-intel.tgz

The FreeBSD package system does not have native upgrade support. There are some add-on utilities which try to manage it, but this is not explicitly tested. To upgrade a package on FreeBSD you can either uninstall the prior package, and install the new package, or you can upgrade the existing installation using a tarball install as below.

Tarball install

To install Splunk on a FreeBSD system, expand the tarball into an appropriate directory. The default install directory is /opt/splunk.

When installing with the tarball:

• Splunk does not create the splunk user automatically. If you want Splunk to run as a specific user, you must create the user manually.
• Be sure the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

After you install

To ensure that Splunk functions properly on FreeBSD, you must:

1. Add the following to /boot/loader.conf

kern.maxdsiz="2147483648" # 2GB
kern.dfldsiz="2147483648" # 2GB
machdep.hlt_cpus=0 

2. Add the following to /etc/sysctl.conf:

vm.max_proc_mmap=2147483647

A restart of the OS is required for the changes to effect.

What gets installed

To see the list of Splunk packages:

pkg_info -L splunk

To list all packages:

pkg_info

Start Splunk

Splunk can run as any user on the local system. If you run Splunk as a non-root user, make sure that Splunk has the appropriate permissions to read the inputs that you specify.

To start Splunk from the command line interface, run the following command from $SPLUNK_HOME/bin directory (where $SPLUNK_HOME is the directory into which you installed Splunk):

 ./splunk start

By convention, this document uses:

• $SPLUNK_HOME to identify the path to your Splunk installation.
• $SPLUNK_HOME/bin/ to indicate the location of the command line interface.

Startup options

The first time you start Splunk after a new installation, you must accept the license agreement. To start Splunk and accept the license in one step:

 $SPLUNK_HOME/bin/splunk start --accept-license

Note: There are two dashes before the accept-license option.

Launch Splunk Web and log in

After you start Splunk and accept the license agreement,

1. In a browser window, access Splunk Web at http://<hostname>:port.

• hostname is the host machine.
• port is the port you specified during the installation (the default port is 8000).

2. Splunk Web prompts you for login information (default, username admin and password changeme) before it launches. If you switch to Splunk Free, you will bypass this logon page in future sessions.

What's next?

Now that you've installed Splunk, what comes next?

Manage your license

If you are performing a new installation of Splunk or switching from one license type to another, you must install or update your license.

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.

To uninstall Splunk from the default location:

pkg_delete splunk

To uninstall Splunk from a different location:

pkg_delete -p /usr/splunk splunk

• Was this topic useful?
• Post a comment