1
00:00:01,600 --> 00:00:08,470
For starting installation of Splunk, we need to make sure a couple of prerequisites are met so that

2
00:00:08,470 --> 00:00:14,590
after installation, our Splunk should be able to run without any performance issues.

3
00:00:15,570 --> 00:00:19,650
Let's begin with discussing about firewall rules.

4
00:00:22,380 --> 00:00:25,980
Which should be mainly focusing on Port 8000.

5
00:00:27,010 --> 00:00:36,370
Which is our Splunk Web port and 1889, which is our Splunk daemon, are also known as Management Port.

6
00:00:38,450 --> 00:00:39,740
The Splunk web port.

7
00:00:39,740 --> 00:00:44,690
8000 should be allowed for HTTP and https traffic.

8
00:00:44,720 --> 00:00:55,370
There are few more ports like K Vista, which is 8191 and observer ports like 8065, which are used

9
00:00:55,370 --> 00:01:01,850
in specific scenarios locally which shouldn't cause any trouble for our installation.

10
00:01:02,390 --> 00:01:14,330
To summarize, make sure HTTP and HTTPS are allowed on port 8080 89 port from deployment server and

11
00:01:14,330 --> 00:01:19,400
other indexes of orders and search it.

12
00:01:21,050 --> 00:01:23,870
And any other components of Splunk.

13
00:01:26,120 --> 00:01:34,010
One more important firewall request to take into consideration is universal forwarder to index their

14
00:01:34,010 --> 00:01:44,600
communication on port triple line seven that is 9997, which is used to send logs to our indexes.

15
00:01:45,230 --> 00:01:50,930
This port is by default, which can be customized into any other port.

16
00:01:53,400 --> 00:01:57,240
That should be it for starting the installation.

17
00:01:57,600 --> 00:02:00,960
Once we have the firewall rules set.

18
00:02:03,300 --> 00:02:06,860
So now we are met with our first prerequisite.

19
00:02:06,870 --> 00:02:07,880
Let's move on.

20
00:02:08,250 --> 00:02:09,720
The next prerequisite.

21
00:02:09,720 --> 00:02:17,640
Some of the process in Linux are known to cause issues during Splunk regular operations.

22
00:02:17,640 --> 00:02:24,330
So it is recommended by Splunk to disable some of these process on Splunk servers.

23
00:02:24,330 --> 00:02:33,930
One such process is known as HP or Transparent huge pages, which are known to cause many issues while

24
00:02:33,930 --> 00:02:35,820
running alongside Splunk.

25
00:02:36,000 --> 00:02:43,440
So it is recommended by Splunk to disable these process before.

26
00:02:44,190 --> 00:02:45,840
Installing our Splunk.

27
00:02:48,040 --> 00:02:51,410
And this is the location of the file.

28
00:02:51,430 --> 00:02:57,040
If we have transparent, huge pages installed on our red ATM machine or.

29
00:02:57,940 --> 00:02:58,770
St Louis.

30
00:02:58,780 --> 00:03:06,370
This is the location where you can change the entry in this file to disable sense in our cloud.

31
00:03:07,710 --> 00:03:12,480
We can see if we are transparent, huge pages installed or not.

32
00:03:15,280 --> 00:03:18,070
Let me copy the location of the file.

33
00:03:19,800 --> 00:03:23,940
I'll check whether we have that file or the processing store.

34
00:03:23,970 --> 00:03:30,330
Now, in our instance, we don't have transparent, huge pages or the THP end store.

35
00:03:30,360 --> 00:03:33,090
It's safe to consider it as disabled.