
Monday, May 11

Advantage of Using "Splunk Light" for the Splunkers in the Organization




We have been using the SPLUNK Enterprise version for quite a long time,
and we know its real power in delivering Big Data solutions.

The Splunk Enterprise version is used in very large-scale industries.
But what if an industry has a budget constraint, or a small-scale
industry cannot afford the license but still wants to use the
features of SPLUNK for log analysis and other tasks?

Yes, you are right: something was needed to solve this problem
for small-scale industry, and that is why "SPLUNK LIGHT" was born !!


Definition :

Splunk Light is a comprehensive solution for small IT environments that automates log search and analysis. It speeds tactical troubleshooting by gathering real-time log data from your distributed applications and infrastructure in one place to enable powerful searches, dynamic dashboards and alerts, and reporting for real-time analysis—all at an attractive price that will fit your budget.

Splunk Light gives you the ability to pro-actively analyze problems and take immediate action without having to manually gather, organize and sift through gigabytes of log data.

Advantages :

1. A comprehensive product for log search and analysis
   built on Splunk’s proven technology

2. Search, Report and Alert on all your log data in 
   Real Time from one place

3. Designed for small IT environments with free download, 
   easy set up and rapid data on-boarding

4. Online purchase starting at $75 per month (Billed Annually)

5. Easily upgrade-in-place to the Full Splunk Enterprise

Why Splunk Light ?

1. Easy to Buy, Deploy and Use :

         Buy online, install and start using in
         just 10 minutes without any system configuration.

2. Full-Featured Log Search and Analysis :

         Everything you need to troubleshoot and secure 
         your IT environment. Includes collection,
         indexing, monitoring, reporting and alerting.


3. Priced & Packaged for Small IT Environments :

         Easy download optimized for use on a single server.
         Starts free up to 500MB/day and affordably 
         priced as you grow. 

4.   Built on Proven Splunk Technology :

         Leverage powerful Splunk technology with
         universal collection and indexing from any
         log format and real-time search. 

5. Integrated Monitoring and Alerting :

         Alerts can automatically trigger actions 
         to send automated emails, execute remediation scripts,
         or post to RSS feeds.



 Splunk Light VS Splunk Enterprise Comparison







 Hope you now have an idea of SPLUNK LIGHT, its uses,
 the advantages behind its rapid adoption by the industry,
 and the advantage of using "Splunk Light" for the Splunkers
 in the organization.


Happy Splunking !!



Sunday, May 3

Migration of the Master Node in an Index Cluster Environment




We might need to replace the Master Node for either of these reasons:


1.  The Node Fails

2.  We need to move the Master to a Different Machine or Site .

For Example :  We will consider the following :

OLD : XX.XX.XX.XX   ( the IP address of the OLD Master Node )

NEW : YY.YY.YY.YY   ( the IP address of the NEW Master Node, to which we are going to migrate the OLD Master Node )

_____________________________________________________________________________

**** The NEW does not use the Same IP address  or Management Port as the OLD one  ****


1.  Go to OLD
 
****   Stop the Splunk  ***

   #   ssh root@XX.XX.XX.XX
   #  cd /opt/splunk/bin
   # ./splunk stop
 

2.  Go to NEW

****   Install Splunk and Stop it  ***
 
    #  ssh root@YY.YY.YY.YY
    #  cd /opt/splunk/bin
    #  ./splunk start --accept-license
    # ./splunk stop 


3.  Go to NEW

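     #  ssh root@YY.YY.YY.YY
     #  cd /opt/splunk/etc/system/local/
     
 Copy the 'sslKeysfilePassword=<somevalue>' line from the 'server.conf' file into a notepad.
 The value is encrypted per instance, so the NEW node must keep its own value rather than the one from OLD.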


4.   Go to OLD 

****  Copy the server.conf file from OLD to NEW  ***

       #  ssh root@XX.XX.XX.XX
       #  cd /opt/splunk/etc/system/local
       # scp server.conf root@YY.YY.YY.YY:/opt/splunk/etc/system/local/.
   
****   Copy the master-apps directory from OLD to NEW  ***

      #  cd /opt/splunk/etc/
      #  scp -r master-apps root@YY.YY.YY.YY:/opt/splunk/etc/.


5.  Go to NEW

      # ssh root@YY.YY.YY.YY
      # cd /opt/splunk/etc/system/local
      # vi server.conf <enter>
   
       Remove the line with 'sslKeysfilePassword=.****' and
       paste the 'sslKeysfilePassword=<somevalue>' line from your notepad in its place.

       Replace the value of 'serverName' with YY.YY.YY.YY

     #  /opt/splunk/bin/splunk start


_____________________________________________________________________________


****  Now, we have to update the 'master_uri' settings on all the peers and search heads to point to the NEW Master's IP address and Management Port  ****


1. Go to any one INDEXER,

     #  ssh root@Indexer_IP
     #  cd /opt/splunk/etc/system/local
     #  vi server.conf < enter >

     Wherever you find 'master_uri', replace its value with https://YY.YY.YY.YY:8089

     #  /opt/splunk/bin/splunk restart


Note : Perform the above actions for all the Indexers in the Cluster



2.   Go to any one SEARCH HEAD,

     #  ssh root@SearchHead_IP
     #  cd /opt/splunk/etc/system/local
     #  vi server.conf < enter >

     Wherever you find 'master_uri', replace its value with https://YY.YY.YY.YY:8089
     
     Replace the value of 'conf_deploy_fetch_url'  with https://YY.YY.YY.YY:8089

     #  /opt/splunk/bin/splunk restart


Note : Perform the above actions for all the Search Heads in the Cluster
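
Steps 3 to 5 and the 'master_uri' change can also be scripted instead of using a notepad and vi. The following is an added example, not part of the original post: the helper names (conf_get, conf_set, merge_master_conf, demo) and all sample values are constructed, and it assumes OLD's server.conf was copied next to NEW's under a different name rather than over it.

```shell
#!/bin/sh
# Added example, not from the original post; helper names and sample values are constructed.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    awk -v k="$2" 'index($0, "=") { key = $0; sub(/[=].*/, "", key); gsub(/[ \t]/, "", key)
        if (key == k) { sub(/^[^=]*[=][ \t]*/, ""); print; exit } }' "$1"
}

# conf_set FILE KEY VALUE: rewrite every "KEY = ..." line, keeping FILE.bak.
# VALUE goes through the environment so awk does not expand backslashes in it.
conf_set() {
    tmp="$1.tmp.$$"
    ( umask 077
      V="$3" awk -v k="$2" 'index($0, "=") { key = $0; sub(/[=].*/, "", key)
          gsub(/[ \t]/, "", key)
          if (key == k) { print k " = " ENVIRON["V"]; next } }
          { print }' "$1" > "$tmp" ) || return 1
    cp -p "$1" "$1.bak" && mv "$tmp" "$1"
}

# merge_master_conf OLD_CONF NEW_CONF NEW_NAME: steps 3 to 5 without notepad or vi.
# Writes NEW_CONF.merged = OLD's settings + NEW's own sslKeysfilePassword.
merge_master_conf() {
    keep=$(conf_get "$2" sslKeysfilePassword)
    [ -n "$keep" ] || { echo "no sslKeysfilePassword in $2" >&2; return 1; }
    ( umask 077; cp "$1" "$2.merged" ) &&
    conf_set "$2.merged" sslKeysfilePassword "$keep" &&
    conf_set "$2.merged" serverName "$3"
}

# demo DIR: build constructed sample files in DIR, then apply both edits.
demo() {
    printf '%s\n' '[general]' 'serverName = XX.XX.XX.XX' '[sslConfig]' \
        'sslKeysfilePassword = $1$OLDsecretOLD' '[clustering]' 'mode = master' > "$1/old.conf"
    printf '%s\n' '[general]' 'serverName = newhost' '[sslConfig]' \
        'sslKeysfilePassword = $1$NEWsecretNEW' > "$1/new.conf"
    printf '%s\n' '[clustering]' 'mode = slave' \
        'master_uri = https://XX.XX.XX.XX:8089' > "$1/peer.conf"
    merge_master_conf "$1/old.conf" "$1/new.conf" YY.YY.YY.YY || return 1
    conf_set "$1/peer.conf" master_uri https://YY.YY.YY.YY:8089 || return 1
    cat "$1/new.conf.merged" "$1/peer.conf"
}
```

Run demo against an empty scratch directory to see the merged master file and the updated peer file; on a real node the .merged file still has to be moved into place as server.conf before Splunk is started.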



Now your Master Node in the Cluster Environment has been successfully Migrated !!

Hope you are now comfortable with migration of the Master Node in an
Index Cluster Environment.

HAPPY SPLUNKING !!



