What is Splunk Enterprise?
Splunk Enterprise is a software product that enables you to search, analyze, and visualize the data gathered from the components of your IT infrastructure or business. Splunk Enterprise takes in data from websites, applications, sensors, devices, and so on. After you define the data source, Splunk Enterprise indexes the data stream and parses it into a series of individual events that you can view and search.
To administer the Splunk Enterprise deployment, create and manage knowledge objects, run searches, create pivots and reports, and so on, you can use either a web browser or the command-line interface.
In this tutorial, we are going to show you how to install the free version of Splunk Enterprise on an Ubuntu 16.04 LTS or Ubuntu 18.04 LTS server.
– Create a Splunk account and download the Splunk Enterprise Software from the official website here
– Use the following command to download the Splunk package and place it in the /tmp directory:
root@ylclspkas01:/tmp# wget -O splunk-7.1.2-a0c72a66db66-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-Linux-x86_64.tgz&wget=true'
– After downloading the Splunk software, let’s extract it under the /opt directory:
root@ylclspkas01:/tmp# tar -xzvf splunk-7.1.2-a0c72a66db66-Linux-x86_64.tgz -C /opt
– Execute the command below to start Splunk. You'll be prompted to accept the license agreement and to enter the administrator account password:
root@ylclspkas01:~# cd /opt/splunk/bin/
root@ylclspkas01:/opt/splunk/bin# ./splunk start
[...]
Splunk Software License Agreement 04.24.2018
Do you agree with this license? [y/n]:
This appears to be your first time running this version of Splunk.
Create credentials for the administrator account.
Characters do not appear on the screen when you type the password.
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
.........................+++
..................................................+++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 2048 bit long modulus
..............................................................+++
.....................+++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> Finding your faults, just like mom.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration... Done.
Creating: /opt/splunk/var/lib/splunk
Done
Waiting for web server at http://127.0.0.1:8000 to be available.................... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://ylclspkas01.yallalabs.local:8000
– If you want to run Splunk at boot, you’ll have to execute the following command:
root@ylclspkas01:/opt/splunk/bin# ./splunk enable boot-start
splunkd 3160 was not running.
Stopping splunk helpers...
Done.
Stopped helpers.
Removing stale pid file... done.
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
– Finally, you can access the Splunk Web interface at http://Server-IP:8000/ or http://Server-hostname:8000 using the default user admin. Before we forget, make sure port 8000 is open on your server firewall.
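The download and extraction steps above run as root, so it is worth checking the archive before unpacking it into /opt. The following is an added example, not part of the original tutorial: the function names are hypothetical, and the expected SHA-512 digest is an assumption that must come from the checksum the vendor publishes for the package you downloaded.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify a downloaded
# archive before extracting it as root. Function names are hypothetical.
# Usage, with the digest published by the vendor as a placeholder:
#   safe_extract /tmp/splunk-7.1.2-a0c72a66db66-Linux-x86_64.tgz \
#       '<PUBLISHED_SHA512>' /opt

# sha512_of FILE: print the lowercase hex SHA-512 digest of FILE.
sha512_of() {
    sha512sum "$1" | awk '{print $1}'
}

# check_digest FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
check_digest() {
    actual=$(sha512_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# unsafe_paths: read member names on stdin and print those that are
# absolute or contain a ".." path component.
unsafe_paths() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# unsafe_members FILE: list members of a gzip tarball that would be
# written outside the extraction directory.
unsafe_members() {
    tar -tzf "$1" | unsafe_paths
}

# safe_extract FILE EXPECTED DEST: extract only when both checks pass.
# Returns 1 on digest mismatch, 2 on unsafe member paths.
safe_extract() {
    if ! check_digest "$1" "$2"; then
        echo "digest mismatch for $1, not extracting" >&2
        return 1
    fi
    if [ -n "$(unsafe_members "$1")" ]; then
        echo "unsafe member paths in $1, not extracting" >&2
        return 2
    fi
    # --no-same-owner: do not restore the uid/gid recorded in the archive,
    # which tar does by default when it runs as root.
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --no-same-owner
}
```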
In the next tutorial of the Splunk tutorial series, we will show you how to install the Splunk universal forwarder.
We hope this tutorial was helpful. If you need more information, or have any questions, just comment below and we will be glad to assist you!
2 comments
thank you Latif
very helpful article
Hi Ahiya,
Thank you, we are so glad that our topics are useful. Subscribe to keep in touch with the latest tech guides.