6 hours 3 minutes
Hello and welcome back to the Splunk Enterprise Certified Administrator course on Cyber. In this video, we're gonna be doing a lab where will just review how to set up your Splunk license server and then also how to set up your other Splunk enterprise instances to report to this device for their license information.
So let's just get started. First, I'll show you how to access the license information from Splunk Web. So first, obviously sign into Splunk Web
and they go to settings and under system licensing.
And so, if you wanted to add a new license to your license server, you can simply select, add license and then browse to select a file. Or you can copy and paste the XML from the file directly in here by clicking this and then you just click install, and then it will trigger a restart for Splunk.
There is another option for saying this up. If you want to do it through the command line, then you can simply go to this directory. Uh, whatever your Splunk home is at sea licenses
and then you would just put it in this directory and it should be a dot license file, Whatever your license is.
Andi that so? That's another Bible option to do it. I tend to just do it through the Web because this is very simple and easy on. There's no way to manage this directory
from a deployment app or from the deployment server, anything. So you would have to manually go in here to set this up anyways, so you don't get any benefit from not setting up in Splunk web. So this is how I would normally do this
and then, uh, likewise, if you were configuring the license slaves or clients to report to this license server, the way that you could do that is also by going into their Splunk Web
settings licensing and changed to slave.
Ah. Then you select this option and put in the U. R I Sobh e t p p s colon ford slash ford slash
my I p address in this instance, And then whatever the *** management port is, which should always be 80 89 unless you have some
good, valid business reason for changing it,
and then you just hit save and that would change your device to a license slave which just means that instead of checking its own local directory for the license, it will ping into whatever device you specify here and check for their license information. Now,
this is not the way I would ever recommend setting this up, So I'm just showing you for the sake of you knowing and in case it comes up on the exam. But I would not recommend you set up this way.
They're obviously I'm gonna recommend you do it directly through the configuration files. I think you've probably called on by now. That's how I prefer to do everything.
So I guess I'll show you the command line way to do this as well. But again, not the way out advice doing it. But you dio up Splunk been Splunk. I believe
it's that edit command. See, I don't even use this. So let's look it up just to make sure So I'm not typing randomly, but I believe it's
the, uh Seelye, Let's do that.
Configure a license. Slave.
use command line.
Okay, so this is the command toe adolescent slave Splunk at it. So I was right. But I would not have guessed the rest of this licensure hyphen, local slave. So this is setting it so that it knows that. Hey, me local my eye.
I'm going to be a license slave to
uh, device. Whatever you specify here, in my case, it would be a C t p p H t T p s colon for it slash ford slash this I p address colon 80 89.
But again, I would not recommend doing it this way. So what? What? This command and what this change both do is they actually change server dot com.
And so there's a stanza in there for setting your license server. So you just really want to actually set it directly through that? So I'll show you if you just same way we've been doing
throughout this course. If you do license dot com No, not license that Khonsari server dot com
Splunk and I just happened already. Have it. But this should bring up the first Google result.
I mean, just search for license on. Maybe you'll have to tap through a couple times,
but here it is. So this is the stanza license. And then you set the master. You are. I will either be self,
which is the default, or you can specify your I.
So let's go back here and do a few tool
server list and what's just there debugging there and sorry, let's actually just do license because that's all we care about. I'm gonna clear this Brennan again, So you get a better view
so you can see this is where this information is. This master you are. I is currently set to self.
So the way that we want to change this if this is the default server dot com
Obviously, if you've been listening, I'm gonna push for let's set it through a deployment app on the deployment server.
this device just also happens to be my employment server.
So you would go to your deployment server, go to the deployment APS directory, making a new directory do dash P because we're going to be adding a subdirectory as well. And we'll dio
We'll just do Spong
I don't know if I really like that license
license client slash default.
That kind of describes what we're doing here. We're making all of our spawn components license. We're making them clients to the license server.
So we'll do that default on. We know that it's server dot com. We know that it's license on. We know that it master you are I is what we want to set here. We know it's https, whatever the I p addresses. So we'll go hopes and I get to see my steam library. Sorry about that.
But we'll go back to here, grab our
I p address
case that in
and then the management for
And so this would be the setting
that we're setting. Teoh basically make it so that
our clients will
know where to go for the license server. So then all we would need to do beyond this is go to our Ford or management where we would make a server class.
Uh, let's say Splunk, because we know it's only spawn components. Fall
Add the app to it
will know that this needs a restart to enable that setting.
And then the way you would want to do this is set it up so that this only applies to your Splunk enterprise instances because they're the only ones that don't need this. So we could make it like, let's just say in my environment, s P o K star is how you know what's a Splunk device.
So I could said this naming convention.
So then this will automatically. Anytime a Splunk device comes into my deployment server, this will automatically it sent to them and they'll become they'll become clients of my license, master. So
that's basically how you really would actually want to set this? Um,
the only, what else do we need to discuss with this? So we've gone over how to install a new license. We've gone over the different ways to configure a license client, and now we have a server class that will make all of our Splunk devices,
clients of the licence master. So I think that covers just about everything. The only other topic we might want to cover really quick is just how to see your license information. So it would be in this, uh,
and you just click this usage report, and so
this when your license several will give you some cool overviews of you know how much of your license you're using If you have it broken into groups, you could get some mawr into pools. You can get some more granular information as well, if you just want to see
I don't have any data in here, so I'm not I'm not indexing anything. So and I also
I only have the free license. So this isn't the best example. But this is where you would go to basically see reporting on your licensing.
Or you could be searching on your internal index for sources license usage
as well. Start wild card. That's that its source contains license usage. And that would give you some of this information as well. It might even be how this operates. Weaken. Check that.
Yeah. Say source equals licence usage dot log,
but yes. So this is this is where you would go to review your license information on your license server. Or you could run these searches really anywhere to get this information.
But that covers everything we need to know about the license server. Now you know how to install your license, set up your license server, and then how to set up clients And then also how to set up your server classes so that instantly all servers, Spong servers, that phone home to the deployment server will automatically register
this license server that wraps it up for this lab. And we will see you in the next video.
Certified Information Security Manager (CISM)
Cybrary's Certified Information Security Manager (CISM) training is a great fit for IT professionals looking ...
13 CEU/CPE Hours Available
Certificate of Completion Offered
The CompTIA Security+ SY0-501 certification course helps you develop your competency in topics such as ...
46 CEU/CPE Hours Available
Certificate of Completion Offered