1
00:00:02,050 --> 00:00:08,230
One more process to consider disabling is RSA Linux, which is also known as Secure Linux.

2
00:00:08,500 --> 00:00:19,390
If we do not want to disable Linux completely, we need to allow a C Linux to run Splunk by using other

3
00:00:19,390 --> 00:00:25,930
methods where you can whitelist Splunk process to be allowed or as an exception.

4
00:00:27,190 --> 00:00:29,470
From running outside clinics.

5
00:00:31,340 --> 00:00:40,100
For this example and simplicity of this course, we can see how to disable a c Linux there c linux configurations

6
00:00:40,730 --> 00:00:44,090
are set under this folder or file.

7
00:00:44,420 --> 00:00:45,320
Let us see.

8
00:00:47,190 --> 00:00:52,710
I'll check for the contents of the file using the Linux Command cat, followed by the location of the

9
00:00:52,710 --> 00:00:54,540
file from this file.

10
00:00:55,200 --> 00:01:02,340
We noticed that it is presently enabled and you say enforcing in Linux.

11
00:01:02,590 --> 00:01:12,180
It is clear that Linux is unable to disable use any of the text editor available in Linux.

12
00:01:13,660 --> 00:01:15,220
To open up the file.

13
00:01:21,890 --> 00:01:24,440
And change the value.

14
00:01:24,830 --> 00:01:25,820
Targeted.

15
00:01:27,810 --> 00:01:33,510
Or you can comment about the targeted value and seen the enforcing to disable.

16
00:01:41,630 --> 00:01:47,030
I will change the clinic's status to disable.

17
00:01:57,740 --> 00:02:05,210
Once you are changed or disabled, it's always requires a reboot to.

18
00:02:08,030 --> 00:02:10,940
Make the changes affected.

19
00:02:12,380 --> 00:02:15,170
Now we are disabled as clinics.

20
00:02:15,170 --> 00:02:16,640
Let our instance come up.

21
00:02:17,690 --> 00:02:21,110
In the meantime, we'll move on to our next prerequisites.

22
00:02:24,660 --> 00:02:27,240
The next one is the Ihop's test.

23
00:02:28,110 --> 00:02:37,620
On a indexers mission to test the provisioned IOPS is greater than 200 IOPS, which was as recommended

24
00:02:37,620 --> 00:02:39,360
in our previous tutorial.

25
00:02:39,900 --> 00:02:46,590
We can test IOPS using a third party utility known as Bonnie Plus Plus, which is.

26
00:02:47,610 --> 00:02:49,560
User to test IOPS.

27
00:02:50,360 --> 00:02:56,760
You need to install C++ by default in RedHat Linux, which we'll be using throughout our.

28
00:02:57,870 --> 00:02:58,770
Tutorial.

29
00:02:59,670 --> 00:03:01,570
But C++ is not installed.

30
00:03:01,590 --> 00:03:06,750
We need to download this package, install and then test for the IOPS.

31
00:03:09,630 --> 00:03:12,030
For testing bond C++.

32
00:03:12,030 --> 00:03:15,690
I have already installed one e plus plus on our.

33
00:03:17,520 --> 00:03:18,690
Cloud instance.

34
00:03:19,420 --> 00:03:24,220
Let us see how we can measure Aiops using C++.

35
00:03:24,250 --> 00:03:32,050
This will be your complete command to test your bone C++ where if an D represents the mount point,

36
00:03:32,050 --> 00:03:38,590
which you'll be installing Splunk, we'll be installing Splunk on slash, oped and iPhone, as mentioned

37
00:03:38,590 --> 00:03:41,660
by you, are two times the RAM for this instance.

38
00:03:41,680 --> 00:03:47,530
As of now we have only one GB of RAM.

39
00:03:47,530 --> 00:03:54,040
Since it is our demo instance, we will multiply it by two and mention the ram.

40
00:03:54,040 --> 00:04:02,860
I want you is the user which will be running this read or write operations on this mount point throughout

41
00:04:02,860 --> 00:04:10,030
the course will be creating Splunk as a application account for our Splunk application to run, and

42
00:04:10,030 --> 00:04:17,620
it is highly recommended to Splunk to run as a non privileged account such as Root.

43
00:04:18,910 --> 00:04:20,830
All you have to do is hit enter.

44
00:04:20,830 --> 00:04:29,440
It will start simulating arrival as of now I lot I'll not hit enter because we are going to kill our

45
00:04:29,530 --> 00:04:35,650
demo instance since it has just one GB and probably 300 IOPS.

46
00:04:36,070 --> 00:04:42,310
Now considering we have it enter open up another terminal.

47
00:04:44,380 --> 00:04:45,910
Once you're logged in.

48
00:04:54,200 --> 00:04:55,640
Now we are in.

49
00:04:57,950 --> 00:05:07,100
Use I use that to check every one second to know what is the IAP currently in use.

50
00:05:07,100 --> 00:05:15,590
Since we are not running any operations you can see the transaction per second is as of now is very

51
00:05:15,590 --> 00:05:18,620
less or we can consider it as very low.

52
00:05:19,310 --> 00:05:27,080
If you see C++, considering that we have hit enter here and it starts, you know, simulating the read

53
00:05:27,080 --> 00:05:34,700
and write operations on our op t mount point, you can probably leave it for 10 to 15 minutes.

54
00:05:34,700 --> 00:05:43,700
You'll probably see here 200 1300 noting that that we have achieved our IOPS requirement for Splunk

55
00:05:43,700 --> 00:05:44,780
indexers.

56
00:05:51,320 --> 00:05:59,300
Once we have verified the IOPS meets the required conditions of greater than 200 IOPS, we can proceed

57
00:05:59,300 --> 00:06:00,740
further to.

58
00:06:01,480 --> 00:06:10,720
Next prerequisites of setting limit that you limit as a number of values to set as per Splunk recommendations.

59
00:06:23,680 --> 00:06:29,260
The link that we are using takes straight to the documentation of Splunk.

60
00:06:29,470 --> 00:06:39,850
Just search for EU limit options and set all this options as per a Splunk recommendation so that on

61
00:06:39,850 --> 00:06:48,220
all the Splunk instances, make sure these limits are set for Splunk to run at your optimum performance.

62
00:06:53,980 --> 00:06:56,650
Considering we have set our EU limits.

63
00:07:00,250 --> 00:07:05,650
Let me check if you limit packages are in store on our cloud machine.

64
00:07:21,560 --> 00:07:24,080
This is our present EU limit size.

65
00:07:25,280 --> 00:07:31,730
As you can see, it can start setting all these parameters as per recommendation.

66
00:07:35,060 --> 00:07:35,830
Let us see.

67
00:07:35,840 --> 00:07:37,610
First open files.

68
00:07:39,490 --> 00:07:44,020
You limit if an RN which is set to 1024 by default.

69
00:07:44,050 --> 00:07:49,210
It needs to be as per recommendation set to 8192.

70
00:07:56,080 --> 00:07:58,180
This is as simple as that.

71
00:07:58,210 --> 00:08:00,130
Just mention the command.

72
00:08:00,670 --> 00:08:08,530
You'll see the value and take the recommended value from the Splunk portal and mention it next to the

73
00:08:08,530 --> 00:08:11,170
command so that it is set into.

74
00:08:11,980 --> 00:08:16,360
The you limit once you set all these parameters.

75
00:08:18,790 --> 00:08:26,680
Which should be done to install our first Splunk instance.

76
00:08:28,680 --> 00:08:36,510
Finally have your licenses ready so that once we complete our installation, we can configure the license.