could I run splunkit-server and splunk-client in t...

guitar2002 · ‎07-25-2017

could I run splunkit-server and splunk-client in the same splunk instance server while running search testing?

guitar2002 · ‎07-25-2017

Actually I had succeed to run splunkit gendata and index testing on the splunk server.
Then I run the splunkit-server and splunk-user command in the splunk server for searchtest.
I can see it opened firefox browser and then nothing to do.

Splunk-server console log:
The Splunk web interface is at http://Win2012_Splunk:8000

[2017-07-25 02:36:19,410] SearchTestSetup: Splunk restarted successfully
[2017-07-25 02:36:19,410] SearchTestSetup: Adding file monitors for streaming data and final results (when available)
Added monitor of 'C:\splunkit\splunkit-server\results\data.log'.
Added monitor of 'C:\splunkit\splunkit-server\data\streaming'.
[2017-07-25 02:36:20,128] TestDriver: Issuing setup command to all connected agents
[2017-07-25 02:36:20,128] ServerMain: Setting up agent(s)

Splunkkit-user console log:
PS C:\splunkit\splunkit-user> python .\bin\searchtest.py
server host: Win2012_Splunk
server port: 8080
[2017-07-25 02:31:57,365] ClientMain: Starting Pyro client with standalone=False, detach=False, and keep_alive=False
[2017-07-25 02:31:57,365] ClientMain: Initializing PyroClient object
[2017-07-25 02:31:57,365] ClientMain: Attempting to connect to server
[2017-07-25 02:32:54,332] ClientMain: Fetching server properties
[2017-07-25 02:32:54,426] ClientMain: Starting new agent thread
[2017-07-25 02:32:54,426] AgentControl: Initializing agent thread 0
[2017-07-25 02:32:54,441] AgentControl: Connected to server, received id 8w3Li
[2017-07-25 02:32:54,441] AgentControl: Starting agent helper thread for agent thread 0
[2017-07-25 02:32:54,441] AgentControl: Received waiting status from agent helper thread 0
[2017-07-25 02:36:20,315] AgentControl: Setting up agent thread 0
[2017-07-25 02:36:20,424] AgentControl: Received setting up status from agent helper thread 0

gcusello · ‎07-25-2017

Hi guitar2002,
you can have both the Splunk instances on the same server but you cannot send logs from a forwarder to a Splunk Enterprise on the same server, because you need two different hostnames and IP addresses.
If you're doing a test of getting data from a Forwarder, you can configure two virtual machines on the same server and use them.
If your need is instead only to run a search on server logs, on Splunk Enterprise you can configure inputs without using a Forwarder.

Bye.
Giuseppe

guitar2002 · ‎07-25-2017

An error occurred:

In handler 'savedsearch': Argument "actions" is not supported by this handler.

guitar2002 · ‎07-25-2017

I use the splunkIt test tool for the search testing by searchtest.py. but the searchtest.py open the firefox then do nothing else.
I can not see any search action in here.

guitar2002 · ‎07-25-2017

I use the splunkIt test tool for the search testing by searchtest.py. but the searchtest.py open the firefox then do nothing else.
I can not see any search action in here.

gcusello · ‎07-25-2017

with splunk-user, do you mean web interface?
if you have a browser on the Splunk server you can use it for searches.
see tutorial at https://www.splunk.com/view/education-videos/SP-CAAAGB6

Bye.
Giuseppe

guitar2002 · ‎07-25-2017

sorry for the typo. I mean run splunkit-server and splunk-user searchtest script in the same splunk server.

could I run splunkit-server and splunk-client in the same splunk instance server while running search testing?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases