All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.
Install the Splunk Data Stream Processor
To install the Splunk Data Stream Processor (DSP), download, extract, and run the installer on each node. You must contact your Splunk representative to access the Splunk Data Stream Processor download page. The Splunk Data Stream Processor is installed from a k0s package, which builds a Kubernetes cluster that DSP is installed and deployed onto.
At a glance, the DSP installer does the following things:
- Checks that the system is running on a supported OS with the necessary services and kernel modules, passes pre-installation checks, and is not running any conflicting software.
- Installs Kubernetes and other software tools like SCloud. For more information about SCloud, see Get started with SCloud.
- Prepares Kubernetes to run the Splunk Data Stream Processor.
- Installs the Splunk Data Stream Processor.
- Checks that the Splunk Data Stream Processor is ready for use.
See What's in the installer directory? for information about the files and scripts that the installer tarball contains.
Extract and run the Splunk Data Stream Processor installer
Prerequisites
Prerequisite | Description |
---|---|
Your system meets the minimum hardware and software requirements for DSP. | See Hardware and Software requirements. |
The required ports are open. | See Port configuration requirements. |
The download link for the Splunk Data Stream Processor. | Contact Splunk Support. |
Disable SELinux. | To disable SELinux, run setenforce 0 on your nodes.
|
Synchronize your system clocks. | Consult the system documentation for the particular operating system on which you are running the Splunk Data Stream Processor. For most environments, Network Time Protocol (NTP) is the best approach. |
You have system administrator (root) permissions. | You need administrator (root) permissions so Kubernetes can leverage system components like iptables and kernel modules. If you do not have root permissions, you can use the sudo command.
|
Install iptables. | If using a non-Ubuntu OS, run the following command:
If using Ubuntu, run the following command instead of the above one:
|
Give all nodes in your DSP cluster a unique machine ID. | The DSP installer will check this condition and fail if it is not met. If the check fails, run the following commands.
|
Steps
- Download the Splunk Data Stream Processor installer tarball on each node.
- On each node in your cluster, extract the Splunk Data Stream Processor installer from the tarball. In order for the DSP installation to complete, you must have the right number of nodes ready to join to form a cluster. The number of nodes depends on the installation flavor you select in step 4.
tar xf <dsp-version>-linux-amd64.tar
The DSP installer times out after 10 minutes of inactivity, so if you don't have these nodes prepared, you need to start the installation process over again.
Do not untar and later run the installer from the
/tmp
folder. - On one of the nodes that you want to be a controller node, navigate to the extracted file.
cd <dsp-version>
- Determine which flavor of DSP you want to install. The number in the install flavor name corresponds to the minimum number of controller nodes that the flavor supports. Installation flavors are fixed at installation-time, therefore, select the flavor that accommodates the largest implementation that you think you'll need.
Flavor Available number of controller nodes Minimum cluster size Recommended cluster size Notes ha3 3 3 5-14 Recommended for small-sized deployments. ha5 5 10 15-50 Recommended for medium- or large-sized deployments. - From the extracted file directory, run the DSP install command. You must run this command with the
--flavor=<flavor>
flag, but theinstall
command supports several optional flags as well. For a list of all available optional flags, see the Install flags section../install [--optional-flags] --flavor=<flavor>
After the initial node has connected to the installer, the installer outputs a join command that you need to run on the other nodes in your cluster. Continue to the next section for instructions.
Join nodes to form the cluster and finish the installation
After running the Splunk Data Stream Processor installer, you must join the nodes together to form the cluster. Follow the instructions for your chosen installation flavor.
Install DSP using the ha3 flavor
- Run the following install command in your desired controller node.
./install --accept-license --flavor ha3 --cluster <cluster-name>
- The installer prints out a command that you must use to join the other nodes to the first controller node.The command will look like this:
./join <ip address of controller> —-port 2222 --public <token> --private <token> --enable-controller
- From the working directory of the other node that you want to join the cluster, enter your join command from the previous step.
- From the working directory of the other nodes that you want to join the cluster, enter one of the following commands.
- To join this node to the cluster and change the location where k0s stores container and state information, use one of the following commands. If you do not have enough disk space in
/var
to support the default 24 hour period of data retention, use this command to override the default path used for storage.- If you used
--location
in the installation step, enter this:./join <ip-address-of-controller> --location=<path>
- If you used
--location=/<mount-path>/data/local
in the installation step, enter this:./join <ip-address-of-controller> --location=/<mount-path>/data/local
- If you used
- To join this node to the cluster and change the location where k0s stores container and state information, use one of the following commands. If you do not have enough disk space in
- When you have the required three controller nodes to form a cluster, the installation continues. The installation process might take up to 45 minutes. Keep this terminal window open. The following shows the output that is displayed when the installation continues.
[I 10.216.30.223] Required number of nodes have registered, proceeding with install ... [I 10.216.30.223] Installing binaries [I 10.216.30.223] level=info msg="Successfully installed k0s binary to /usr/local/bin/k0s" [I 10.216.30.223] level=info msg="Upgrading k0s binary at /usr/bin\n" [I 10.216.30.223] level=info msg="Successfully installed k0s binary to /usr/bin" [I 10.216.30.223] level=info msg="Upgrading k0sctl binary at /usr/bin/k0sctl\n" [I 10.216.30.223] level=info msg="Successfully installed k0sctl binary to /usr/bin/k0sctl" [I 10.216.30.223] level=info msg="Upgrading dsp binary at /usr/bin/dsp\n" [I 10.216.30.223] level=info msg="Successfully installed dsp binary to /usr/bin/dsp" [I 10.216.30.223] level=info msg="Using dspdir: /home/ec2-user/dsp-1.4.0-linux-amd64" [I 10.216.30.223] level=info msg="Copying app bundles" destination=/opt/dsp/bundles/dsp-1.4.0 source=/home/ec2-user/dsp-1.4.0-linux-amd64/bundles/. [I 10.216.30.223] Copying airgap packages... [I 10.216.30.223] level=info msg="Finished copying app bundles" [I 10.216.30.223] level=info msg="Using dspdir: /home/ec2-user/dsp-1.4.0-linux-amd64" [I 10.216.30.223] level=info msg="Copied all airgap packages" destination=/var/lib/k0s/images/ [I 10.216.30.223] level=info msg="Applying k0sctl.yaml" [I 10.216.30.223] time="2022-11-04T03:38:41Z" level=trace msg="starting k0sctl upgrade check"
- (Optional) To add additional nodes as workers to your cluster after the installation is complete, enter the following commands from the working directory of the node you want to add:
- To print a join command, run the following command from any of the existing nodes in the cluster and copy the output.
./print-join
- Run the following command from the same node:
./join-additional -n <number of nodes to join>
- Run the copied join command from step 6a on your new nodes to join them to your cluster.
While you can add additional controller nodes with this command beyond the requirements of the flavor you selected, adding controller nodes does not improve the high availability guarantees of the cluster, because services are still fixed to the original number of controller nodes.
After these steps, installation continues. Once the installation has finished, k0s outputs the login credentials to access the DSP UI as well as information about what services are now available as shown here:
Finished installing DSP ... To log into DSP: Hostname: https://<localhost> Username: dsp-admin Password: 65227b8789d57426 NOTE: this is the original password created during cluster bootstrapping, and will not be updated if dsp-admin's password is changed The following endpoints are available on the cluster: ENDPOINTS IP:PORT DSP UI <localhost> S2S Forwarder <localhost>:9997 * Please make sure your firewall ports are open for these services * To see these login instructions again: please run sudo dsp admin print-login
Install DSP using the ha5 flavor
- Run the following install command in your desired controller node.
./install --accept-license --flavor ha5 --cluster <cluster-name>
- The installer prints out a join command that you must use to join the other nodes to the first controller node. The command will look like this:
./join <ip address of controller> —-port 2222 --public <token> --private <token> --enable-controller
- From the working directory of the other nodes that you want to join the cluster, enter your join command from the previous step.
- From the working directory of the other nodes that you want to join the cluster, enter one of the following commands.
- To join this node to the cluster and change the location where k0s stores container and state information, use one of the following commands. If you do not have enough disk space in
/var
to support the default 24 hour period of data retention, use this command to override the default path used for storage.- If you used
--location
in the installation step, enter this:./join <ip-address-of-controller> --location=<path>
- If you used
--location=/<mount-path>/data/local
in the installation step, enter this:./join <ip-address-of-controller> --location=/<mount-path>/data/local
- If you used
- To join this node to the cluster and change the location where k0s stores container and state information, use one of the following commands. If you do not have enough disk space in
- When you have the required five controller nodes to form a cluster, the installation continues. The installation process might take up to 45 minutes. Keep this terminal window open. The following shows the output that is displayed when the installation continues.
[I 10.216.30.223] Required number of nodes have registered, proceeding with install ... [I 10.216.30.223] Installing binaries [I 10.216.30.223] level=info msg="Successfully installed k0s binary to /usr/local/bin/k0s" [I 10.216.30.223] level=info msg="Upgrading k0s binary at /usr/bin\n" [I 10.216.30.223] level=info msg="Successfully installed k0s binary to /usr/bin" [I 10.216.30.223] level=info msg="Upgrading k0sctl binary at /usr/bin/k0sctl\n" [I 10.216.30.223] level=info msg="Successfully installed k0sctl binary to /usr/bin/k0sctl" [I 10.216.30.223] level=info msg="Upgrading dsp binary at /usr/bin/dsp\n" [I 10.216.30.223] level=info msg="Successfully installed dsp binary to /usr/bin/dsp" [I 10.216.30.223] level=info msg="Using dspdir: /home/ec2-user/dsp-1.4.0-linux-amd64" [I 10.216.30.223] level=info msg="Copying app bundles" destination=/opt/dsp/bundles/dsp-1.4.0 source=/home/ec2-user/dsp-1.4.0-linux-amd64/bundles/. [I 10.216.30.223] Copying airgap packages... [I 10.216.30.223] level=info msg="Finished copying app bundles" [I 10.216.30.223] level=info msg="Using dspdir: /home/ec2-user/dsp-1.4.0-linux-amd64" [I 10.216.30.223] level=info msg="Copied all airgap packages" destination=/var/lib/k0s/images/ [I 10.216.30.223] level=info msg="Applying k0sctl.yaml" [I 10.216.30.223] time="2022-11-04T03:38:41Z" level=trace msg="starting k0sctl upgrade check"
- (Optional) To add additional nodes as workers to your cluster after the installation is complete, enter the following commands from the working directory of the node you want to add:
- To print a join command, run the following command from any of the existing nodes in the cluster and copy the output.
./print-join
- Run the following command from the same node:
./join-additional -n <number of nodes to join>
- Run the copied join command from step 6a on your new nodes to join them to your cluster.
While you can add additional controller nodes with this command beyond the requirements of the flavor you selected, adding controller nodes does not improve the high availability guarantees of the cluster, because services are still fixed to the original number of controller nodes.
After these steps, installation continues. Once the installation has finished, k0s outputs the login credentials to access the DSP UI as well as information about what services are now available as shown here:
Finished installing DSP ... To log into DSP: Hostname: https://<localhost> Username: dsp-admin Password: 65227b8789d57426 NOTE: this is the original password created during cluster bootstrapping, and will not be updated if dsp-admin's password is changed The following endpoints are available on the cluster: ENDPOINTS IP:PORT DSP UI <localhost> S2S Forwarder <localhost>:9997 * Please make sure your firewall ports are open for these services * To see these login instructions again: please run sudo dsp admin print-login
Post-Installation
Turn on the Debug Console
The debug console is turned off by default when you install DSP. You can turn the debug console on after installing DSP for troubleshooting purposes. If you want to turn the debug console on, please reach out to the Splunk Support team.
Configure the Splunk Data Stream Processor UI redirect URL
By default, the Splunk Data Stream Processor uses the IPv4 address of eth0 to derive several properties required by the UI to function properly. In the case that the eth0 network is not directly accessible (for example, it exists inside a private AWS VPC) or is otherwise incorrect, use the dsp configure-ui
command to manually define the IP address or host name that can be used to access DSP.
- From the controller node, enter the following:
dsp configure-ui --dsp-host <ip-address-of-controller-node>
- Next, deploy your changes.
dsp deploy dsp-ui
- Navigate to the Splunk Data Stream Processor UI to verify your changes.
https://<DSP_HOST>
- If you are using the Firefox browser, you must trust the API certificate once you navigate to the DSP UI. If you are using the Google Chrome or Microsoft Edge browsers and encounter a "net::ERR_CERT_INVALID" error with no Proceed Anyway option when you click Advanced, click anywhere on the background then type "thisisunsafe" to trust the certificate.
- On the login page, enter the following:
User: dsp-admin Password: <the dsp-admin password generated from the installer>
If you need to retrieve the dsp-admin password, enter the following on your controller node:
dsp admin print-login
To use your own SSL/TLS certificate to connect to these services, see Secure the DSP cluster with SSL/TLS certificates.
Change default password
Once the DSP installer finishes the installation process, the installer prints the default login credentials. For optimal security and to avoid any potential login issues with your DSP deployment, follow the below steps to change your default password when you log into the DSP UI for the first time.
- Navigate to the Splunk Data Processor UI.
https://<DSP_HOST>
- On the login page, enter the login credentials that the installer printed.
User: dsp-admin Password: <the dsp-admin password generated from the installer>
- After logging in, you will be prompted to enter a new password for your DSP deployment. Enter and confirm your new password. You will use this new password for all future logins to your DSP deployment.
- Select Update on the modal to confirm your changes and enter the DSP UI.
If you need to retrieve the dsp-admin password, enter the following on your controller node: dsp admin print-login
Check the status of your Splunk Data Stream Processor deployment
To check the status of different components of your DSP deployment, select from the following commands.
Command | Action | Output return |
---|---|---|
dsp status
|
View a summary of the statuses of your DSP applications and resources. | Prints summary of Kubernetes resource, application, and node checks. An error message appears if any checks return as unhealthy. |
dsp status applications
|
View detailed status information about all DSP applications. | Prints a detailed summary of the application check. |
dsp status nodes
|
View detailed status information about all DSP clusters. | Prints a detailed summary of the cluster check. If any of these checks fail, the status of a node shows as "unhealthy". |
dsp status resources
|
View detailed status information about DSP resources. | Prints a detailed summary of all the Kubernetes resources running on the cluster and their condition. |
Reference
Install flags
The following table lists the main flags you can use with the install command and a description of how to use them:
Flag | Description |
---|---|
--accept-license | Automatically accepts the license agreement that prints upon completion of the installation. |
--location <path> | Changes the location where k0s stores containers and state information. The --location flag mounts persistent volumes in /data/local and stores state information in /var/lib/k0s .
If you use the If you will not have enough disk space in Minimum recommended disk space for |
--cluster <cluster_name> | Gives the DSP cluster a name. If you do not enter a cluster name, DSP automatically generates one for you. This is used by the Splunk App for DSP. |
--flavor <flavor type> | Specifies the flavor type during install. ha3 and ha5 are the available flavors. See Step 4 in Steps to determine which flavor is best for your production environment.
|
--force | Forces installation even if there are not enough required nodes present for the specified flavor requirement. |
--p, --port int | Specifies the port that the SSH server will accept connections from. |
--skip-copying | Skips copying Kubernetes bundles and AirGap files during the k0s install. |
--skip-dsp | Skips DSP installation and only sets up k0s on the cluster. |
--skip-k0s | Skips installing k0s and allows resuming the install from the DSP. |
--t, --timeout int | Specifies how many seconds to pass after the last node-join before the install times out. The timer refreshes every time a new node joins (default 600) |
Preparing Google Cloud Platform to install the Splunk Data Stream Processor | Install the Splunk Data Stream Processor on Google Kubernetes Engine |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.4.3
Feedback submitted, thanks!