1
00:00:03,170 --> 00:00:10,340
In our previous tutorial we saw how to install Splunk on indexer, heavy forwarder, deployment server and

2
00:00:10,340 --> 00:00:16,160
search head. For this tutorial we'll be using our local machine.

3
00:00:16,160 --> 00:00:19,910
That is my laptop as a remote agent to

4
00:00:21,430 --> 00:00:23,600
the indexer in our cloud.

5
00:00:23,620 --> 00:00:28,360
This is the Splunk for audit package, which is of latest 6x2.

6
00:00:28,930 --> 00:00:32,860
The steps will be similar on any Windows platform.

7
00:00:38,020 --> 00:00:44,440
Just check this box so that we are accepting license and there is a customized option to change the

8
00:00:44,440 --> 00:00:47,110
default Splunk installation directory.

9
00:00:47,440 --> 00:00:53,570
We have also seen the default Splunk home when we are going through the directory structure of Splunk.

10
00:00:53,590 --> 00:00:55,780
This is your default Splunk home.

11
00:00:55,900 --> 00:01:01,360
If you're installing full Splunk instance, it will be C program files Splunk.

12
00:01:01,780 --> 00:01:08,440
For this tutorial, we'll be showing a demo of a Splunk universal forwarder installation, which is

13
00:01:08,440 --> 00:01:11,050
similar to a Splunk enterprise.

14
00:01:11,080 --> 00:01:15,970
So I'll keep this default setting as it is and I'll be clicking next.

15
00:01:19,140 --> 00:01:24,540
The password it is asking here is for the SSL certificate.

16
00:01:24,600 --> 00:01:32,100
This password, if we have SSL certificate like when we are hosting or sending it to cloud, we can

17
00:01:32,100 --> 00:01:33,120
upload it here.

18
00:01:33,120 --> 00:01:38,310
Or if we are using default Splunk generated certificate, we can leave this blank.

19
00:01:40,090 --> 00:01:43,930
But I'll be running using local system account.

20
00:01:46,310 --> 00:01:46,880
To what?

21
00:01:46,880 --> 00:01:47,780
All we need to.

22
00:01:48,830 --> 00:01:56,290
Let me enable everything so that we get most of the information to our Splunk instance.

23
00:01:56,300 --> 00:02:03,380
And if you have any custom directory, let's say D or E direct E file systems where you need to monitor,

24
00:02:03,380 --> 00:02:06,410
you can specify it in this part.

25
00:02:07,190 --> 00:02:13,010
And also, if you're installing on Active Directory servers, make sure you check enable Active Directory

26
00:02:13,010 --> 00:02:13,760
monitoring.

27
00:02:16,470 --> 00:02:20,160
This is one of the important configurations, like:

28
00:02:21,070 --> 00:02:27,250
If you have a deployment server in your environment, you can mention the IP and hostname during the

29
00:02:27,250 --> 00:02:28,240
installation.

30
00:02:28,540 --> 00:02:32,470
We'll come to this part when we are configuring our deployment server.

31
00:02:32,490 --> 00:02:41,890
How to add this configuration as part of the installation or as part of using Splunk CLI or using configuration

32
00:02:41,890 --> 00:02:43,240
files. As of now,

33
00:02:43,390 --> 00:02:44,530
leave this blank.

34
00:02:44,650 --> 00:02:45,430
Continue.

35
00:02:45,550 --> 00:02:48,730
Similarly, now it is asking for indexer.

36
00:02:49,450 --> 00:02:59,050
Even indexer IP address, we'll be coming to this part when we are configuring how to set up an indexer.

37
00:02:59,170 --> 00:03:06,190
Then we'll be updating this configuration in your universal forwarder and we'll be showing three methods.

38
00:03:06,190 --> 00:03:08,620
Splunk editing configuration.

39
00:03:09,720 --> 00:03:16,100
And we have completed all this installation, but still those instances are not started up.

40
00:03:16,140 --> 00:03:20,310
We are going to configure them one by one and start those instances.

41
00:03:23,450 --> 00:03:25,490
So let this installation finish.

42
00:03:26,740 --> 00:03:32,230
And we should be able to proceed with the configuration of this installation.