All Apps and Add-ons

How to create splunk app,get data in and search while practising in my laptop?

abhi04
Communicator

I am starting with creating a splunk app on my laptop for practising. This will include getting data in splunk,creating fields,masking info,and then creating report and visualisation in search head.
How to proceed with this, how to set up different instance for search head,indexer and forwarder in my laptop?

Tags (1)
0 Karma
1 Solution

FrankVl
Ultra Champion

I wouldn't really recommend trying to set up multiple instances of Splunk on a windows laptop directly.

If you really want to practice with a distributed setup, I think it would be best to install a tool like virtualbox to spin up one or more linux VMs on your laptop and then set up the desired Splunk instances on those.

Alternatively, have a look at this blog post about using Docker to spin up Splunk instances for practicing / testing purposes: https://www.splunk.com/blog/2018/01/17/hands-on-lab-sandboxing-with-splunk-with-docker.html

View solution in original post

0 Karma

FrankVl
Ultra Champion

I wouldn't really recommend trying to set up multiple instances of Splunk on a windows laptop directly.

If you really want to practice with a distributed setup, I think it would be best to install a tool like virtualbox to spin up one or more linux VMs on your laptop and then set up the desired Splunk instances on those.

Alternatively, have a look at this blog post about using Docker to spin up Splunk instances for practicing / testing purposes: https://www.splunk.com/blog/2018/01/17/hands-on-lab-sandboxing-with-splunk-with-docker.html

0 Karma

abhi04
Communicator

Hi Frank,

Would you be having detailed steps for spinning up multiple instances with virtual box as well?

0 Karma

FrankVl
Ultra Champion

No, I don't have detailed steps for that readily available. There is 2 main approaches: spin up multiple linux VMs and then have a single Splunk instance on each, or spin up a single linux VM and put multiple instances on it.

For the first approach: there should be plenty of online tutorials / guides on how to set up linux VMs in virtualbox. For the second approach the wiki mentioned in one of the earlier comments on your question may provide some good clues (as far as I know key thing is to bind each instance to a separate set of ports).

0 Karma

FrankVl
Ultra Champion

Any specific reason you want to practice using multiple instances and not just use a single instance that performs all the functions in one?

What OS do you have on your laptop?

0 Karma

abhi04
Communicator

I wanted to practise for distributed environment for which separate instance would be required.I am using windows 10 currently.

0 Karma

p_gurav
Champion

You can use this link for installing multiple splunk instances :
https://wiki.splunk.com/Community:Run_multiple_Splunks_on_one_machine

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...