Integrate an installation of Splunk Enterprise onto a system image
Read this topic to learn how to integrate a full version of Splunk into a Windows system image. For additional information about integrating Splunk into images, see Put Splunk onto system images.
- Using a reference computer, install and configure Windows to your liking. Install any Windows features and components that you need, and confirm that Windows Update has applied the latest patches and security updates.
- Install and configure any applications that you need, taking into account the Splunk system and hardware capacity requirements.
- Install and configure Splunk Enterprise.
You can install using the GUI Windows installer, but more options are available when you install the package using the command line.
- After you have configured the data inputs that you want Splunk Enterprise to collect, open a Windows command prompt.
- From this prompt, stop Splunk Enterprise by changing to the
%SPLUNK_HOME%\bin
directory and running.\splunk stop
- Remove any event data that Splunk Enterprise might have collected by running
.\splunk clean eventdata
. - Close the command prompt window.
- Open the Services control panel and confirm that the
splunkd
andsplunkweb
services are set to start automatically by setting their startup type to 'Automatic'. - Prepare the system image for domain participation using a utility such as Sysprep, Windows System Image Manager (WSIM), or Deployment Image Servicing and Management (DISM).
Microsoft recommends using SYSPREP and WSIM as the method to change machine Security Identifiers (SIDs) prior to cloning, as opposed to using third-party tools (such as Ghost Walker or NTSID.
- After you have configured the system for imaging, reboot the machine and clone it with your favorite imaging utility.
The image is now ready for deployment.
Integrate a universal forwarder onto a system image | Launch Splunk Web |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Feedback submitted, thanks!