Splunk® Light

Installation Manual

Download manual as PDF

Download topic as PDF

Start using the Splunk Insights for AWS Cloud Monitoring AMI

If you already configured a copy of the Splunk Insights for AWS Cloud Monitoring AMI on the AWS Marketplace, then you have an instance running as the splunk user. It will start when the virtual machine starts.

Unless otherwise required, you should connect to the instance via Splunk Web.

Connect via Splunk Web

  1. In your EC2 Management Console, find your instance running the Splunk Insights for AWS Cloud Monitoring AMI. Take note of the instance ID and public IP.
  2. Copy and paste the public IP into a new browser tab. Do not hit enter yet.
  3. Append :8000 to the end of the IP address and hit enter.
  4. Log into the instance with these credentials:
    • username: admin
    • password: <instance id from management console>
  5. On the next screen, set a new password.

Connect via SSH

This section provides instructions to SSH into your EC2, as well as properly stop, start, and restart the instance.

Prerequisites

To connect to the instance via SSH, you must have access to the private key file attached to the instance.

Steps

  1. Ensure that the proper permissions are associated with the private key file:
    chmod 400 PATH/TO/<private_key.pem>
    
  2. SSH into the instance:
    ssh -i PATH/TO/<private_key.pem> ec2-user@<instance_public_DNS>
    

To stop, start, and restart the instance:

You must stop, start, and restart the instance as the splunk user. To do so, enter the following commands.

  1. Switch to the splunk user:
    sudo -u splunk bash
    
  2. Stop, start, or restart the instance:
    /opt/splunk/bin/splunk {stop | start | restart}
    

To change the file permissions to the splunk user

If you stopped, started, or restarted the instance as a user other than the splunk user, you must enter the following commands. Until you enter these commands to change the user back to the splunk user, the startup scripts for the instance will not work, and the instance will not function properly.

  1. Stop the instance:
    sudo /opt/splunk/bin/splunk stop
    
  2. Set the file permissions for the splunk user:
    sudo chown -R splunk /opt/splunk/etc
    sudo chown -R splunk /opt/splunk/var
    
  3. Switch to the splunk user:
    sudo -u splunk bash
    
  4. Restart the instance:
    /opt/splunk/bin/splunk restart
    
Last modified on 31 July, 2018
PREVIOUS
Get the Splunk Insights for AWS Cloud Monitoring AMI
  NEXT
Upgrade Splunk Insights for AWS Cloud Monitoring AMI

This documentation applies to the following versions of Splunk® Light: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters