This page explains how to install a Splunk server for uberAgent.
- Download Splunk
Please see this KB article for details on supported Splunk versions.
Run through Splunk’s setup on the designated Splunk server (in this simple tutorial we assume that you only have a single Splunk server). Choose Local system user when asked for a Splunk user.
Once Splunk is installed: if you have a firewall enabled, make sure that communication is allowed for splunkd.exe and splunkweb.exe (both normally located in C:Program FilesSplunkbin). For Windows Firewall the recommended configuration looks like this:
Log on to the Splunk console by navigating to http://servername:8000 in your browser.
If you plan to use Splunk Enterprise and already have a license, install it through Settings -> Licensing. If you do not have a license yet: Splunk runs in Enterprise mode with an allowed daily data volume of 500 MB for 60 days. Then it switches to the free version.
If you plan to have the endpoint agent send the collected data to Splunk’s HTTP Event Collector follow the steps in this article.
Read on about how to install uberAgent.