Installation of Splunk

Splunk is a tool you can use to derive value from your big data. It enables you to incorporate insights from a variety of tools, allowing you to collect, search, index, analyse, and visualize your data from a central location.

Installing Splunk on Ubuntu Server

In the previous article, we looked at the benefits of having Splunk in an organisation. In this article, we will look at how to get a Splunk instance installed on a server and access it from a client machine.

Content Table

  • Installation of Ubuntu Server
  • Installation of Splunk Enterprise

First we need to install the operating system that our Splunk instance will run on. A lite version will do: it takes up little space on the hardware and is operated from the terminal.

Ubuntu Server is a lightweight OS built for servers, without background software that could slow the machine down or interfere with server operation.

  1. Download Ubuntu Server Long Term Support (LTS)
  2. Set up VirtualBox using the downloaded ISO
  3. Ensure the network connection is set to Bridged Adapter
  4. Run the VM and follow the on-screen instructions
  5. Update the installed packages with this command: sudo apt-get update && sudo apt-get upgrade

Once the Linux OS is ready, we can go ahead and install Splunk:

  1. Register on the Splunk website to download Splunk Enterprise
  2. Click the .tgz download button and copy the wget link for command-line download
  3. On the Ubuntu server, change to the /tmp/ directory with cd /tmp/ and paste the wget link we copied
  4. Once the download has completed, change to the /opt/ directory with cd /opt/
  5. Extract the files with the command sudo tar xvf /tmp/splunk-9.0.2-17e00c557dc1-Linux-x86_64.tgz (your version of Splunk will differ; press the Tab key after typing splunk to auto-complete the filename)
  6. We should now have a fully fledged Splunk installation inside the /opt/splunk folder
  7. Run this final command to install Splunk: sudo /opt/splunk/bin/splunk start --accept-license
  8. The first time we run this command, it launches the Splunk installer, which asks us to create an administrator account before starting Splunk.
  9. Now we should be able to access Splunk at one of the following URLs: https://127.0.0.1:8000 or https://<servername>:8000
  10. Enter the following command to make Splunk start at boot: sudo /opt/splunk/bin/splunk enable boot-start
  11. The Splunk dashboard will be ready to access with our admin credentials
Tip: the Tab key on the keyboard automatically completes a file name given its first few letters. This saves us from typing long file names and mistyping them.
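The steps above are typed in interactively. As an added example (not from the original article), the script below wraps steps 4 to 10 into shell functions and adds two hardening changes the interactive walk-through skips: the tarball's SHA-512 digest is checked before anything is extracted, and Splunk is run as a dedicated unprivileged account instead of root. The admin account is created from user-seed.conf instead of the interactive prompt, and the first start uses --answer-yes --no-prompt so the whole thing can run unattended. Assumptions not stated on the page: SPLUNK_HOME is /opt/splunk, the service account is named splunk, and you have the SHA-512 digest of your tarball from the Splunk download page.

```shell
#!/bin/sh
# Added example, not part of the original article: the manual steps above
# wrapped into functions, plus a checksum check before extraction and a
# dedicated service account instead of running Splunk as root.
# Assumptions (not from the page): SPLUNK_HOME is /opt/splunk, the service
# account is 'splunk', and the expected SHA-512 digest comes from the Splunk
# download page.
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Compare the tarball's SHA-512 with the published digest. A mismatch means a
# corrupt or tampered download, so the caller must not extract it.
# $1 = tarball path, $2 = expected hex digest
verify_tarball() {
  tarball="$1"; expected="$2"
  actual="$(sha512sum "$tarball" | awk '{print $1}')"
  [ "$actual" = "$expected" ]
}

# Extract into the parent directory of SPLUNK_HOME. The archive carries a
# top-level 'splunk/' directory, which is why step 6 ends up in /opt/splunk.
# $1 = tarball path, $2 = parent directory (default /opt)
extract_splunk() {
  tarball="$1"; parent="${2:-/opt}"
  tar -xzf "$tarball" -C "$parent"
  [ -x "$parent/splunk/bin/splunk" ]
}

# Create the admin account non-interactively instead of answering the prompt
# in step 8: Splunk reads etc/system/local/user-seed.conf on its first start.
# The file holds the password in clear text, so it is created mode 0600.
# $1 = Splunk home, $2 = admin user name, $3 = admin password
seed_admin() {
  home="$1"; user="$2"; pass="$3"
  conf="$home/etc/system/local/user-seed.conf"
  mkdir -p "$(dirname "$conf")"
  ( umask 077; printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$user" "$pass" > "$conf" )
  [ -s "$conf" ]
}

# Steps 4-10 end to end, run as root. The admin password is taken from the
# environment rather than the command line so it does not land in the shell
# history or the process list.
# $1 = tarball path, $2 = expected SHA-512, $3 = admin user name
install_splunk() {
  tarball="$1"; digest="$2"; admin_user="$3"
  admin_pass="${SPLUNK_ADMIN_PASSWORD:?set SPLUNK_ADMIN_PASSWORD first}"
  verify_tarball "$tarball" "$digest" || {
    echo "checksum mismatch for $tarball, refusing to extract" >&2
    return 1
  }
  extract_splunk "$tarball" "$(dirname "$SPLUNK_HOME")"
  seed_admin "$SPLUNK_HOME" "$admin_user" "$admin_pass"
  # Dedicated service account with no login shell: Splunk only needs to own
  # its own tree, not the whole box.
  id splunk >/dev/null 2>&1 || useradd --system --home-dir "$SPLUNK_HOME" --shell /usr/sbin/nologin splunk
  chown -R splunk:splunk "$SPLUNK_HOME"
  # First start as the service account: accepts the licence (step 7) and
  # consumes user-seed.conf; the extra flags suppress the remaining prompts.
  sudo -u splunk "$SPLUNK_HOME/bin/splunk" start --accept-license --answer-yes --no-prompt
  sudo -u splunk "$SPLUNK_HOME/bin/splunk" stop
  # Step 10, but registering the service to run as 'splunk' rather than root.
  # Splunk comes up at the next boot.
  "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk
}

# Usage (as root):
#   SPLUNK_ADMIN_PASSWORD='...' sh install_splunk.sh /tmp/splunk-<version>.tgz <sha512> admin
if [ "$#" -eq 3 ]; then
  install_splunk "$@"
fi
```

The three helper functions are deliberately separated from install_splunk so they can be exercised on a throwaway tarball without root: verify_tarball and extract_splunk only touch the paths they are given, and seed_admin writes a single file under whatever directory you pass as Splunk home.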

Visual Guide : Installation of Splunk

Step 1 - Register an account with Splunk
Step 2 - Click on Download next to the .tgz file
Step 2.1 - Get the wget command link to the .tgz file
Step 3 - Download Splunk from the CLI in the /tmp/ folder
Step 4-5 - Extract the .tgz file to the /opt/ directory, where Splunk should live
Step 6-8 - Installation of Splunk and creating an admin account
Step 9 - Splunk is ready to access over the web UI
Step 10 - Make Splunk start at boot
Step 11 - Access the Splunk web UI

When logged in to Splunk Enterprise, it gives us options for Apps, Dashboards, Indexes, Visualisations and more advanced settings, which we will cover in the next article.

Splunk Enterprise home page