We have recently had Splunk installed by professional services; however, with them being so proficient during the install, we didn't really get our heads round every part of the install process for TAs.
It was said that installing from the GUI doesn't always work well as it fails to set file permissions correctly. I have therefore compiled what we think to be the install sequence and would welcome some feedback - that is to say have we missed anything?
Thanks in advance.
Rich
1) Download new TA from Splunkbase in .tgz format
2) Copy onto Splunk server /home/xxxx
3) cd /opt/splunk/etc/deployment-apps
4) Unpack splunkxxxxx.tgz to /opt/splunk/etc/deployment-apps
tar -xvf /home/xxxx/splunk-add-on-TA.tgz
5) Change ownership of new app folder
sudo chown -R splunk:splunk
6) Copy into /opt/splunk/etc/apps
cp -a /opt/splunk/etc/apps/
7) Restart Splunk
./splunk restart
8) Create new server class
Navigate to: Splunk>Settings>ForwarderManagement>Server Classes
New Server Class (hyperv in this case)
Add Windows HyperV App
Edit Apps > Selected Splunk_TA_microsoft-hyperv
Added Clients
Edit Clients > add in hyperv servers
9) Create new index
Navigate to: Splunk>Settings>Indexes
"New Index"
Index name = hyperv
App = Splunk_TA_microsoft-hyperv
10) Copy input.conf into new app folder
/opt/splunk/etc/deployment-apps/Splunk_TA_microsoft-hyperv/default/input.conf
to
/opt/splunk/etc/deployment-apps/Splunk_TA_microsoft-hyperv/local/input.conf
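One way to confirm that the ownership change in step 5 took effect across the whole unpacked app before restarting Splunk, as an added example that is not part of the original post. The function names `audit_app_dir` and `app_dir_is_clean` are hypothetical, the world-writable check goes beyond what the post asks for, and GNU or POSIX `find` is assumed.

```bash
#!/bin/sh
# Added example (not from the original post): audit an unpacked add-on
# directory for files with the wrong owner/group or world-writable modes.
# Typical call, using the path and account named in the post:
#   audit_app_dir /opt/splunk/etc/deployment-apps/Splunk_TA_microsoft-hyperv splunk splunk

# Print one finding per line as "<reason> <path>".
# Returns 2 on error (bad directory, unknown user or group), 0 otherwise.
audit_app_dir() {
    local dir="$1" user="$2" group="$3" bad_owner bad_mode
    [ -d "$dir" ] || { echo "error: $dir is not a directory" >&2; return 2; }

    # find exits non-zero when the user or group name cannot be resolved;
    # treat that as an error instead of reporting "no findings".
    bad_owner=$(find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print) || return 2

    # Symlinks always show mode 777, so they are excluded from the mode check.
    bad_mode=$(find "$dir" ! -type l -perm -0002 -print) || return 2

    [ -z "$bad_owner" ] || printf '%s\n' "$bad_owner" | sed 's/^/owner /'
    [ -z "$bad_mode" ] || printf '%s\n' "$bad_mode" | sed 's/^/world-writable /'
}

# Succeeds only when the audit ran without error and produced no findings.
app_dir_is_clean() {
    local findings
    findings=$(audit_app_dir "$@") || return 2
    [ -z "$findings" ]
}
```

Run it against both the `deployment-apps` copy and the copy made into `/opt/splunk/etc/apps`, since `cp -a` preserves whatever ownership the source had.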