略 (请安装17.12以上的版本)
略
| 主机名 | IP地址 | Splunk角色 |
|---|---|---|
| splunk-search01 | 10.211.55.29 | Splunk Search |
| splunk-index01 | 10.211.55.30 | Splunk Index, Splunk Slave License Server |
| splunk-index02 | 10.211.55.31 | Splunk Index, Splunk Slave License Server |
| splunk-master | 10.211.55.33 | Splunk Master |
| splunk-licenser | 10.211.55.34 | Splunk Master License Server |
| splunk-deployment | 10.211.55.35 | Splunk Deployment Server |
| splunk-fd01 | 10.211.55.32 | Splunk Forword |
替换编排文件中的 SPLUNK_DEPLOYMENT_SERVER_IP、SPLUNK_MASTER_SERVER_IP、SPLUNK_LICENS_SERVER_IP为对应的IP地址
SPLUNK_DEPLOYMENT_SERVER_IP=10.211.55.47
SPLUNK_MASTER_SERVER_IP=10.211.55.47
SPLUNK_LICENS_SERVER_IP=10.211.55.47
sed -i "s/SPLUNK_DEPLOYMENT_SERVER_IP/${SPLUNK_DEPLOYMENT_SERVER_IP}/g" splunk_cluster.yml
sed -i "s/SPLUNK_MASTER_SERVER_IP/${SPLUNK_MASTER_SERVER_IP}/g" splunk_cluster.yml
sed -i "s/SPLUNK_LICENS_SERVER_IP/${SPLUNK_LICENS_SERVER_IP}/g" splunk_cluster.yml
docker node update --label-add splunk=searchead01 splunk-search
docker node update --label-add splunk=master splunk-master
docker node update --label-add splunk=indexer01 splunk-index01
docker node update --label-add splunk=indexer02 splunk-index02
docker node update --label-add splunk=licenser splunk-licenser
docker node update --label-add splunk=deployment splunk-deployment启动方法,查看 deploy.sh 与 uninstall-universalforwarder.sh 脚本逻辑
./deploy.sh