This guide describes how to set up Splunk Storm for Elastic Beanstalk with Auto Scaling and standalone EC2 instances.
What is Splunk Storm?
Splunk Storm is a cloud-based service that turns machine data into valuable insights. Machine data is generated by web sites, applications, servers, networks, mobile devices, and the like. Splunk Storm consumes machine data and allows users to search and visualize it to monitor and analyze everything from customer clickstreams and transactions to network activity to call records.
Setting up Splunk Storm
Download and install the universal forwarder for *nix
In eleven easy steps!
Get the forwarder and credentials package
1. In the Storm UI, navigate to the project you want to forward data into. Click Inputs, then Forwarders.
2. Download the forwarder credentials for this project by clicking credentials package (stormforwarder_<project_id>.spl). This package contains the authentication credentials and configuration that allow sending data to this project only. Do not skip this step.
Note: Do not share this information with anyone else, as it contains your access token.
3. Follow the link to the universal forwarder downloads page and download the package of your choice (splunkforwarder_<package_name>.rpm).
Creating a local repository for the forwarder & credentials packages.
- Create an S3 bucket with owner full access.
- Upload splunkforwarder_<package_name>.rpm & stormforwarder_<project_id>.spl. Change the permissions on both packages to owner Full Control & All user Read. All user Read makes both files, including the credentials package that carries your access token, readable by anyone who knows the URL.
Example URL: https://s3.amazonaws.com/SplunkRPM/
Splunk Storm auto-deploy script.
# Runs as root. Assumes both packages from the S3 bucket are already in the current directory.
if pgrep splunk >/dev/null 2>&1
then
  # Forwarder is already running: leave a marker file and skip the install
  echo splunk > test
else
  # Install the forwarder, put it on the PATH and start it without prompts
  su --session-command="/bin/rpm -i splunkforwarder_<package_name>.rpm"
  su --session-command="ln -s /opt/splunkforwarder/bin/splunk /usr/bin/splunk"
  su --session-command="/opt/splunkforwarder/bin/splunk start --answer-yes --no-prompt --accept-license"
  # Install the project credentials package, then monitor the Tomcat log
  su --session-command="/opt/splunkforwarder/bin/splunk install app stormforwarder_<project_id>.spl -auth admin:changeme"
  su --session-command="/opt/splunkforwarder/bin/splunk login -auth admin:password"
  su --session-command="/opt/splunkforwarder/bin/splunk add monitor /usr/share/tomcat7/logs/catalina.out -hostname Testhost -sourcetype log4j"
  su --session-command="/opt/splunkforwarder/bin/splunk restart"
fi
Install the forwarder & credentials packages.
- Create a .ebextensions directory at the top level of your source bundle.
- Copy the script to the .ebextensions folder (.ebextensions/SplunkStorm.config).
- Create the “war” file & upload it to Elastic Beanstalk.
- After the war file deployment has completed successfully, go to www.splunkstorm.com, click Dashboard, then click Data Summary & select Testhost in the host column.
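One way to lay out .ebextensions/SplunkStorm.config, as an added example that is not from the original guide: it fetches both packages from the S3 bucket with the instance profile role, so the bucket does not need All user Read, and runs the install steps only when no splunk process is found. The /opt/splunk-install directory, the S3Auth block name, the command key and the role default are assumptions; the file names keep the guide's <...> placeholders, which must be replaced before use.

```yaml
# .ebextensions/SplunkStorm.config (added example, not the guide's own file)
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:                        # assumed name, referenced under files:
          type: "s3"
          buckets: ["SplunkRPM"]       # bucket name from the guide's example URL
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"   # assumed role

files:
  "/opt/splunk-install/splunkforwarder_<package_name>.rpm":
    mode: "000600"
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.amazonaws.com/SplunkRPM/splunkforwarder_<package_name>.rpm
  "/opt/splunk-install/stormforwarder_<project_id>.spl":
    mode: "000600"                     # holds the project access token
    owner: root
    group: root
    authentication: "S3Auth"
    source: https://s3.amazonaws.com/SplunkRPM/stormforwarder_<project_id>.spl

commands:
  01_install_splunk_forwarder:
    cwd: /opt/splunk-install
    # Process the command only when no splunk process is running (exit code 0)
    test: "! pgrep splunk >/dev/null 2>&1"
    # ebextensions commands already run as root, so no su wrapper is needed
    command: |
      /bin/rpm -i "splunkforwarder_<package_name>.rpm"
      ln -sf /opt/splunkforwarder/bin/splunk /usr/bin/splunk
      /opt/splunkforwarder/bin/splunk start --answer-yes --no-prompt --accept-license
      # admin:changeme is the login used by the guide's install step
      /opt/splunkforwarder/bin/splunk install app "stormforwarder_<project_id>.spl" -auth admin:changeme
      /opt/splunkforwarder/bin/splunk add monitor /usr/share/tomcat7/logs/catalina.out -hostname Testhost -sourcetype log4j -auth admin:changeme
      /opt/splunkforwarder/bin/splunk restart
```

The instance profile role needs s3:GetObject on the two objects for the authenticated download to succeed.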