01. 시작 하는 법

 

Installation Download the dataset file indicated above and check the MD5 hash to ensure integrity. Install Splunk Enterprise and the apps/add-ons listed in the Required Software section below. It is important to match the specific version of each app and add-on. Unzip/untar the downloaded file into $SPLUNK_HOME/etc/apps Restart Splunk The BOTS v2 data will be available by searching: index=botsv2 earliest=0 Note that because the data is distributed in a pre-indexed format, there are no volume-based licensing limits to be concerned with.

 

• Splunk Windows 버전 다운로드  
• BOTS 버전에 맞는 Required Software 에 있는 add-ons 다운로드 및 활성화
• BOTS 버전에 맞는 Dataset 다운로드 및 압축풀기
• Splunk Stop 시키기
  

  

• 압축 푼 Dataset 을 apps 하위 경로로 옮기기 
• 다시 Splunk Start 시키기 
• index=botsv2 earliest=0 인덱스로 검색되는지 확인하기 

 

(참고) apps 경로 및 Splunk Restart 방법 

c:\Program Files\Splunk\etc\apps   cd c:\program files\splunk\bin  splunk stop  splunk enable webserver  splunk start