How to set up Splunk for monitoring Zenoss logs.

This is a short how-to, because the basic setup of Splunk takes about 10 minutes. I am setting it up on the same server as Zenoss and will integrate the two soon. Ultimately I would like to use Splunk to connect to the Zenoss MySQL database.

Two quick notes on the free Splunk version:

  1. You can only process 500 MB of data per day.
  2. It does not have any built-in security; see the Splunk site: http://www.splunk.com/doc/latest/installation/sysreqs#WhollbeabletoSplunkyourData


Now let's get started.
Download Splunk from http://www.splunk.com/index.php/predownload?d=progeneric

Install it with: rpm -Uvh splunk-2.2.3-18173.i386.rpm

This is the screen output:

Preparing... ########################################### [100%]
1:splunk ########################################### [100%]
----------------------------------------------------------------------
The Splunk Server has been installed in:
/opt/splunk

To start the Splunk Server, run the command:
/opt/splunk/bin/splunk start

To use Splunk's web interface, point your browser at:
http://dan.varnett.org:8000

Complete documentation is at http://www.splunk.com/r/docs
----------------------------------------------------------------------


Start Splunk with: /opt/splunk/bin/splunk start

On the first start-up you have to agree to the world's longest licensing agreement.
The install is done; you can do the rest from the web interface.

Open Firefox and go to http://host.example.org:8000



Select "Admin", then "Data Inputs", then "Files and Directories".

Click "Add Input" on the right.

Add the Zenoss directory.

Now you can use Splunk to search your Zenoss logs for problems.
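Before pointing Splunk at the Zenoss directory, it is worth checking the two free-version caveats from the notes above: whether the directory's daily log volume stays under the 500 MB limit, and whether the unsecured web interface on port 8000 is bound to every interface or only to localhost. The script below is an added example and is not part of the original post or of Splunk itself; the default path in ZENOSS_LOG_DIR is an assumption (the post names no path), and the netstat-style lines used in the usage comments are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the two
# free-licence caveats (500 MB/day, no built-in security) before adding the
# Zenoss directory as a Splunk input. ZENOSS_LOG_DIR is an assumed default.

FREE_DAILY_LIMIT=$((500 * 1024 * 1024))            # 500 MB/day limit of the free version
SPLUNK_WEB_PORT=8000                               # web interface port from the install output
ZENOSS_LOG_DIR=${ZENOSS_LOG_DIR:-/opt/zenoss/log}  # assumption; override via the environment

# Bytes held by regular files under $1 that changed in the last 24 hours:
# a rough estimate of what Splunk would index from that directory per day.
# A missing directory or an empty one yields 0.
daily_log_bytes() {
    find "$1" -type f -mtime -1 -exec cat {} + 2>/dev/null | wc -c | tr -d ' '
}

# "ok" if $1 bytes fit under the free daily limit, "over" otherwise.
check_volume() {
    if [ "$1" -gt "$FREE_DAILY_LIMIT" ]; then echo over; else echo ok; fi
}

# Reads listener lines (netstat -ln / ss -ln format) on stdin and prints the
# local address:port that the given port is bound to, or "not-listening".
# Constructed sample input: "tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN"
web_port_binding() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ (":" port "$")) { print $i; found = 1; exit }
        }
        END { if (!found) print "not-listening" }'
}

# The free version has no built-in security, so a wildcard binding means the
# web interface is reachable from any host that can reach the server.
classify_binding() {
    case $1 in
        0.0.0.0:*|:::*|\[::\]:*|\*:*) echo exposed ;;
        not-listening)                echo not-listening ;;
        *)                            echo local ;;
    esac
}

# Stand-alone report when run directly on the Splunk/Zenoss server.
bytes=$(daily_log_bytes "$ZENOSS_LOG_DIR")
echo "last 24h in $ZENOSS_LOG_DIR: $bytes bytes -> $(check_volume "$bytes") (limit $FREE_DAILY_LIMIT)"
listeners=$(netstat -ln 2>/dev/null || ss -ln 2>/dev/null || true)
binding=$(printf '%s\n' "$listeners" | web_port_binding "$SPLUNK_WEB_PORT")
echo "Splunk web port $SPLUNK_WEB_PORT: $binding -> $(classify_binding "$binding")"
```

The volume estimate counts only files modified in the last day, which is what a directory input would pick up going forward; run it a few times over a week if Zenoss logging is bursty. An "exposed" result means the web interface should be restricted to trusted hosts (a host firewall rule on port 8000, or binding it to localhost and reaching it over an SSH tunnel) until the paid version's security features or another front-end are in place.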

I plan on integrating the two products so I can Splunk the SNMP data Zenoss is storing in MySQL. I will update the site with a how-to when I am done.