- Download the appropriate distro: http://www.splunk.com/download
- Start splunk:
sudo /opt/splunk/bin/splunk start
- It will ask for a password. The default is admin/changeme
- Enable Splunk to listen on an external port:
sudo /opt/splunk/bin/splunk enable listen 9997
- Download the appropriate distro: http://www.splunk.com/download/universalforwarder
- Configure the forwarder to connect to the Splunk server:
sudo /opt/splunkforwarder/bin/splunk add forward-server 192.168.0.5:9997
- Start the forwarder:
sudo /opt/splunkforwarder/bin/splunk start
- When prompted for a password, use the same as the Splunk server: admin/changeme
- Ask the Splunk forwarder to monitor syslog:
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/syslog
- Install slc:
npm install -g strongloop
- Run your application with at least cluster=1:
sudo slc run --cluster 1 --syslog
- Send a test request to the application:
curl 'http://localhost:3000?msg=this_is_a_test'
- Now you should be able to search for this_is_a_test on the Splunk console
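
The CLI steps above (enable listen, add forward-server, add monitor) persist as stanzas in Splunk .conf files. The fragment below is an added example, not part of the original steps, showing the equivalent settings for review or for deploying the same setup without the CLI. The file locations and the output group name are assumptions; the CLI may write to a different local/ directory.

```ini
# Added example: conf-file form of the CLI steps above.
# Paths are assumptions; check which local/ directory your install uses.

# --- Splunk server: /opt/splunk/etc/system/local/inputs.conf ---
# Equivalent of: splunk enable listen 9997
[splunktcp://9997]
disabled = 0

# --- Forwarder: /opt/splunkforwarder/etc/system/local/outputs.conf ---
# Equivalent of: splunk add forward-server 192.168.0.5:9997
# The group name is arbitrary; it only has to match the stanza below.
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = 192.168.0.5:9997

# --- Forwarder: /opt/splunkforwarder/etc/system/local/inputs.conf ---
# Equivalent of: splunk add monitor /var/log/syslog
[monitor:///var/log/syslog]
disabled = 0
```

Restart the server or forwarder after editing these files by hand so the changes are loaded.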