How to install Splunk on OpenSuSE 11.x

I have been testing the Windows version of Splunk on my Microsoft Windows XP (32-bit) machine. The Windows version was easy to install and control. But somehow, I don’t feel like the power of Splunk is fully used. Besides, it is kind of slower than I thought. When I researched Splunk, I realized most power users are using either the Linux or the Mac OS version of Splunk. I decided to install Splunk on OpenSuSE 11. As usual, I googled some install info before starting the installation, and I found some interesting comments saying "Do not use OpenSuSE for Splunk, it doesn’t work". Yes, it happened to me. But there were tips to resolve the issue. See the notes below.

The whole installation process was fairly easy. In this example, I will install Splunk using the rpm version.

 

1. Download

Download a fresh installation file from the website below.

 http://www.splunk.com/download?r=homepage

Currently I am using the 64-bit version of OpenSuSE 11. It runs on VMware ESXi, which is one of my favorites in my testing environment. So I downloaded splunk-3.4.10-60883-linux-2.6-x86_64.rpm.

 

2. Install (double click)

After downloading the rpm file, double-click it in the download folder. It automatically created the directory "/opt/splunk" and extracted all the files it needs.


 

3. Execute

Go to the directory /opt/splunk/bin on the server and execute the command below.

OpenSuSE_Server:/opt/splunk/bin# ./splunk start &

After a few seconds, you will get a message like "Splunk is started". Then open a browser and go to "http://OpenSuSE_Server:8000".
Now I can see the Splunk initial page, and it seems like the installation is done.

 

4. Yes, it’s hanging

While I was looking around at some options, the browser was just hanging forever… Yes, it was happening to me. And I found a tip to resolve this issue on the Splunk Knowledge pages. I have just noted the information here for your convenience.

Go to /etc and edit the file named "mime.types". About the middle of the file, you will see the statements below; just delete them. You might want to save the original file, though, in case you need it later.

text/x-xsl xsl
text/x-xslt xslt xsl

A few lines down, another statement needs to be modified:

text/xml xml   —>  text/xml xml xsl

Now you need to restart Splunk and also restart your browser to clear its cache.

To stop:

OpenSuSE_Server:/opt/splunk/bin# ./splunk stop

To start:

OpenSuSE_Server:/opt/splunk/bin# ./splunk start &
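
The mime.types edit from this step can also be scripted so that the original file is always saved first. This is an added example, not part of the original post or the Splunk tip; the function name fix_mime_types is hypothetical. Run it as root, then restart Splunk as shown above.

```shell
#!/bin/sh
# fix_mime_types [FILE]
# Removes the text/x-xsl and text/x-xslt mappings and adds "xsl" to the
# text/xml mapping. The untouched original is kept as FILE.orig.
fix_mime_types() {
    file=${1:-/etc/mime.types}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Save the original once; never overwrite an existing backup.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1

    tmp=$(mktemp) || return 1
    awk '
        # Drop the two XSL-specific mappings.
        $1 == "text/x-xsl" || $1 == "text/x-xslt" { next }
        # Append xsl to text/xml unless it is already listed.
        $1 == "text/xml" {
            has = 0
            for (i = 2; i <= NF; i++) if ($i == "xsl") has = 1
            if (!has) $0 = $0 " xsl"
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write the content back into the existing file so that its owner
    # and permissions stay as they were.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}
```

Running it a second time changes nothing, and FILE.orig still holds the file as it was before the first run.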

 

5. Auto execute

If you want Splunk to start when your system starts, try the commands below.

./splunk start --accept-license
./splunk enable boot-start

6. Don’t forget to open ports on your firewall

Make sure your firewall allows the necessary TCP/UDP ports. In my case, these are the default port number 8999 and UDP 514 for syslog.

 

 
