Installation of Splunk Enterprise on LINUX

Hello everyone, this blog is about installing Splunk Enterprise on a LINUX machine. For information about Splunk, check out my previous blog “Splunk”. Splunk Enterprise can be downloaded from Splunk’s official website. Follow the steps below to install and run Splunk Enterprise on your LINUX machine.

Step 1: Download the Splunk Enterprise package

Below is the link to download Splunk. Before downloading, check that the package matches the bit architecture (32-bit or 64-bit) of your operating system.

https://www.splunk.com/en_us/download/splunk-enterprise.html

Splunk Enterprise provides the following three Linux installer options:

  1. RPM,
  2. DEB, and
  3. Compressed .tar file.

By default, Splunk Enterprise installs into the /opt/splunk directory on Linux. Installation instructions for each installer are as follows.

Method 1: Install Splunk RPM

Type the following into the CLI (Command Line Interface). Use the optional --prefix flag to install Splunk into a different directory.

$ rpm -i --prefix=/opt/<new_directory> <splunk_package_name>.rpm

Method 2: Install Splunk DEB package

Type the following into the CLI. You can only install the Splunk DEB into the default /opt/splunk directory.

$ dpkg -i <splunk_package_name>.deb

Method 3: Install Splunk using the compressed tar file

Expand the file into the appropriate directory using the tar command. The default install directory is splunk in the current working directory. To install into a specific directory, such as /opt/splunk, use the -C option.

$ tar xvzf <splunk_package_name>.tgz -C /opt

 

Step 2: Start Splunk

To start Splunk Enterprise from the CLI, run the splunk command in the $SPLUNK_HOME/bin directory, where $SPLUNK_HOME is the directory into which you installed Splunk Enterprise. The first time you start Splunk Enterprise after a new installation, you must accept the license agreement. To start Splunk Enterprise and accept the license in one step, use the command below.

$ $SPLUNK_HOME/bin/splunk start --accept-license
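The three install methods from Step 1 and the start command from Step 2, combined into one dry-run script. This is an added example, not part of the original post or Splunk's own tooling; the function names and the DRY_RUN variable are hypothetical, and it assumes the RPM --prefix value is the parent directory that will contain splunk.

```shell
#!/bin/sh
# Added example. Dry-run by default: commands are printed for review.
# Set DRY_RUN=0 (as root) to actually execute them.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# install_splunk <package_file> [parent_dir]
# parent_dir defaults to /opt, so Splunk lands in /opt/splunk.
install_splunk() {
    pkg=$1
    parent=${2:-/opt}
    case "$pkg" in
        *.rpm)
            if [ "$parent" = /opt ]; then
                run rpm -i "$pkg"
            else
                # Assumption: --prefix names the parent of the splunk directory.
                run rpm -i --prefix="$parent" "$pkg"
            fi ;;
        *.deb)
            # The DEB package can only go into the default /opt/splunk.
            if [ "$parent" != /opt ]; then
                echo "DEB package installs only into /opt/splunk" >&2
                return 2
            fi
            run dpkg -i "$pkg" ;;
        *.tgz|*.tar.gz)
            run tar xvzf "$pkg" -C "$parent" ;;
        *)
            echo "unrecognised package type: $pkg" >&2
            return 1 ;;
    esac
}

# start_splunk [splunk_home]: first start, accepting the license in one step.
start_splunk() {
    home=${1:-${SPLUNK_HOME:-/opt/splunk}}
    run "$home/bin/splunk" start --accept-license
}
```

Source the file and call, for example, install_splunk <splunk_package_name>.rpm /opt/<new_directory> followed by start_splunk to review the commands before running them with DRY_RUN=0.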


Step 3: Launch Splunk web

After starting Splunk Enterprise and accepting the license agreement, you can launch Splunk Web. In a browser window, access Splunk Web at http://<hostname>:<port>.

  • Hostname is the host machine name or IP.
  • Port is the port you specified during the installation (the default port is 8000).

  1. Splunk Web prompts for login information before it launches. The default username is admin and the password is changeme.
  2. Once you click the login button, by default it will ask you to change the password. This step can be skipped, but skipping it leaves the default admin/changeme credentials in place.

 


Happy Splunking!!!!

 
