Splunk® App for Infrastructure

Install and Upgrade Splunk App for Infrastructure

Acrobat logo Download manual as PDF


On August 22, 2022, the Splunk App Infrastructure will reach its end of life and Splunk will no longer maintain or develop this product.
Acrobat logo Download topic as PDF

Install the Splunk App for Infrastructure in a single-instance deployment

Splunk App for Infrastructure version 2.2.3 is a Splunk Cloud only release and is not available on-premises.

The single-instance Splunk Enterprise deployment serves as both the search head and the indexer. Install the Splunk Add-on for Infrastructure on the same instance of Splunk Enterprise on which you install the Splunk App for Infrastructure (SAI). If you install the Splunk Add-on for AWS, also install it on the same instance.

If you want to integrate VMware vCenter Servers in SAI, you have to install additional components. For more information, see About VMware vSphere integrations in SAI in the Administer Splunk App for Infrastructure Manual.

Steps

Follow these steps to get started with SAI in a single-instance deployment. In addition to installing SAI, these steps show you how to install the Splunk Add-on for Infrastructure, install the Splunk Add-on for AWS, and configure the receiving port for your instance.

1. Install SAI

Follow these steps to install the app.

  1. In Splunk Web, go to Apps > Find More Apps.
  2. Search for Splunk App for Infrastructure.
  3. Select Install and follow the prompt.
  4. Restart Splunk Enterprise.

2. Install the Splunk Add-on for Infrastructure

Follow these steps to install the Splunk Add-on for Infrastructure. When you install the add-on, it creates the em_metrics, em_meta, and infra_alerts indexes. For more information about the source types and components that the add-on configures, see Source types and components for the Splunk Add-on for Infrastructure.

For more information, see Splunk Add-on for Infrastructure.

  1. In Splunk Web, go to Apps > Find More Apps.
  2. Search for Splunk Add-on for Infrastructure.
  3. Select Install and follow the prompt.
  4. Restart Splunk Enterprise.

3. (Optional) Install the Splunk Add-on for AWS

If you want to collect AWS Cloudwatch data from your AWS accounts, follow these steps to install the Splunk Add-on for AWS. Version 5.0.0 is supported.

For more information, see About the Splunk Add-on for Amazon Web Services.

  1. In Splunk Web, go to Apps > Find More Apps.
  2. Search for Splunk Add-on for AWS.
  3. Select Install and follow the prompt.
  4. Restart Splunk Enterprise.

3. Configure the receiving port

Enable receiving on the TCP port for logs and metrics data collection.

  1. In Splunk Web, log in as an administrator.
  2. Click Settings > Forwarding and receiving.
  3. Click Configure receiving. If your Splunk Enterprise instance is not already listening on port 9997, or is not listening to another port you plan to use, click New Receiving Port. If you are already listening on port 9997, go to the next step.
  4. Specify the TCP port you want the receiver to listen on (the receiving port, also known as the listening port). The recommended port is 9997. For example, if you enter 9997, the receiver listens for connections from forwarders on port 9997. You can specify any unused port. You can use a tool like netstat to determine what ports are available on your system. Make sure the port you select is not in use by Splunk Web or splunkd.
  5. Click Save. Splunk software starts listening for incoming data on the port you specified.

4. Configure the HTTP Event Collector to receive metrics data for SAI

Use an HTTP Event Collector (HEC) to collect metrics from collectd and fluentd. Whether you run the easy install script or set up integrations manually, you have to configure HEC for metrics you collect with collectd and fluentd. For more information, see Configure the HTTP Event Collector to receive metrics data for SAI.

Last modified on 13 January, 2021
PREVIOUS
SAI compatibility with related apps and add-ons
  NEXT
Install the Splunk App for Infrastructure in a distributed deployment

This documentation applies to the following versions of Splunk® App for Infrastructure: 2.2.3 Cloud only


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters