So you have decided to install Splunk? You are going to need a few thinks. This walk through is going to discuss installing Splunk on Ubuntu. Although it hardly matters. The details will very if you are die hard Cent or Red Hat.
I would recommend preparing your Linux flavor upfront. All your standard preparation guidelines should apply. Make sure the OS is up to date. Make sure it’s NTP is set and up to date.
Just a Note: For Splunk your might go with 4 vCPU, 4 G of memory and 50G of drive space. The default 16G of VMware won’t cut it as you will run out of space quick. If you run below the limits the system will stop indexing.
You will need to go to splunk.com, create an account, and login.
You are going to want to go to the site. In order to download the package you are going to need to sign up for an account. Older versions of the product danced a little around the idea of the “Enterprise” version of the product and the “Free” version. As may have been outlined before – the free Version is the Enterprise version basically without a license. This does limit you in a number of ways.
https://www.splunk.com/en_us/download.html
The first move is probably just to move to the tmp directory. We can pull the package and install it from there.
cd /tmpFor the “Linux” versions they are going to provide you with a convient way of using wget to pull the package from the CLII
wget -O splunk-8.2.5-77015bc7a462-linux-2.6-amd64.deb "https://download.splunk.com/products/splunk/releases/8.2.5/linux/splunk-8.2.5-77015bc7a462-linux-2.6-amd64.deb"dpkg -i splunk-8.2.5-77015bc7a462-linux-2.6-amd64.deb
This will take a while to unpack and install. The splunk package will be installed in /opt/splunk. So the next thing we need to do is to kick start splunk which will also trigger the license acknowledgement.
sudo /opt/splunk/bin/splunk enable boot-start
You are now ready to start splunk!
sudo service splunk startNow you are ready to login for the first time. Please vist the URL using your address or name using http and using port 8000
You no doubt will be enticed to discuss a storage engine which will be optimized to compress and store data.
Congratulations you now have Splunk installed.
While you are downloading items, you may want to go ahead and download the Splunk Universal Forwarder.
https://www.splunk.com/en_us/download/universal-forwarder.htmlWith Splunk running you are now ready to consider how to “log” some data. And now that you have data you can decide what you are going to do with it. Please see Some of the other short posts for this.
Reference:
https://www.bitsioinc.com/tutorials/install-splunk-ubuntu/
https://en.wikipedia.org/wiki/Splunk