2 hours 29 minutes
In this Module 3 video, we'll be installing a universal forwarder.
As a review, a universal forwarder gets installed on the machine you want to collect data from and forwards it on to be indexed and used.
There are other ways to get data into Splunk, but this is a popular and useful method.
At this point, there are a few checks you should do to make sure that when you install the universal forwarder, you're able to send the data you want onward.
You'll need to make sure there's a clear path of communication between where you install the universal forwarder and your Splunk server and other Splunk components, when you decide to break it out and add more pieces.
Splunk, by default, also uses several ports that will need to be open and allowed for Splunk to work.
You also want to make sure that the account you're using to set up Splunk has the necessary permissions to access the data you want to forward.
In this simple environment, you'll need ports 9997 and 8089, unless you elect to change these from the default options.
This diagram from Splunk.com is helpful at visualizing the communication path. In this video, we're focused down here on the communication between universal forwarder, indexers and deployment server.
While it's important to know how to go through a manual installation of the universal forwarder, another option to consider when you get to a larger environment is using a deployment tool like SCCM, Ansible or Chef.
So to get started, I've got two machines we'll be working from. This Linux box is going to be my main Splunk server. It hosts a search head where we can log in and run searches and checks, and it also functions for indexing and managing forwarders.
And then this Windows machine is where we'll be installing the universal forwarder. To start off, I'm logged into splunk.com. From here, we'll go to products,
free trial and downloads,
and then scroll down to where we can download the universal forwarder.
I've already downloaded it to save us some time, so I'm just going to hop into my downloads folder here
and double-click on this to run it,
accept the license agreement, hit Next,
create a username and password,
and then our,
like you mentioned, we're not doing a distributed environment, so our search head is performing multiple roles, including that of a deployment server. So I put in the IP for that and the default management IP of 8089,
hit Next, and I'm also going to put it here,
as it works as an indexer.
Click Next and Install,
yes on that.
And it's a successful install, so I'm going to click Finish.
And once you've done the install, something you'll probably want to do is restart the Splunk service.
I'm just going to open this up and scroll down to the Splunk forwarder service.
to my Linux machine here,
and we're going to go to Settings once we've logged into the web console,
and Forwarder Management,
and it's not yet picking it up.
Sometimes it takes a second
Went in there and did a couple of refreshes. But now, under Forwarder Management, we can see this is the name of the host where we installed the universal forwarder. So it's successfully reporting back
to our deployment server slash search head.
So with that, we can say that we've successfully completed the activity for this video, and the next video will be for Module 4, where we'll be working with data.
Thanks for watching.