Hello everyone, this blog is about installing Splunk Enterprise on a Linux machine. For information about Splunk, check out my previous blog “Splunk”. Splunk Enterprise can be downloaded from Splunk’s official website. Follow the steps below to install and run Splunk Enterprise on your Linux machine.
Step 1: Download the Splunk Enterprise package
Below is the link to download Splunk. Before downloading Splunk, make sure the package matches your operating system's bit architecture.
Splunk Enterprise provides the following three Linux installer options:
- RPM,
- DEB, and
- Compressed .tar file.
By default, Splunk Enterprise installs into the /opt/splunk directory on Linux. Installation instructions for each installer are as follows.
Method 1: Install Splunk RPM
Type the following into the CLI (Command Line Interface). Use the optional --prefix flag to install Splunk into a different directory.
$ rpm -i --prefix=/opt/<new_directory> <splunk_package_name>.rpm
Method 2: Install Splunk DEB package
Type the following into the CLI. You can only install the Splunk DEB into the default /opt/splunk directory.
$ dpkg -i <splunk_package_name>.deb
Method 3: Install Splunk using the compressed tar file
Expand the file into the appropriate directory using the tar command. The default install directory is a splunk directory under the current working directory. To install into a specific directory, such as /opt/splunk, use the -C option.
$ tar xvzf <splunk_package_name>.tgz -C /opt
Step 2: Start Splunk
To start Splunk Enterprise from the CLI, run the following command from the $SPLUNK_HOME/bin directory, where $SPLUNK_HOME is the directory into which you installed Splunk Enterprise. The first time you start Splunk Enterprise after a new installation, you must accept the license agreement. To start Splunk Enterprise and accept the license in one step, use the command below.
$ $SPLUNK_HOME/bin/splunk start --accept-license
Step 3: Launch Splunk Web
After starting Splunk Enterprise and accepting the license agreement, you can launch Splunk Web. In a browser window, access Splunk Web at http://<hostname>:<port>.
- Hostname is the host machine name or IP.
- Port is the port you specified during the installation (the default port is 8000).
- Splunk Web prompts for login information before it launches. The default username is admin and the password is changeme.
- Once you click the login button, Splunk Web asks you to change the password by default. This step can be skipped, but skipping it leaves the well-known default credentials active on the instance.
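The three install methods from Step 1 and the start command from Step 2, combined into one shell helper. This is an added example, not part of the original post; the function names (run, install_splunk, start_splunk) and the DRY_RUN variable are hypothetical, and with DRY_RUN left at its default of 1 the commands are only printed, not executed.

```shell
# Added example: choose the install command from the package type.
# All names below are hypothetical helpers, not Splunk tooling.

# Print the command when DRY_RUN=1 (the default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# install_splunk <package> [directory]
#   .rpm : directory is passed to --prefix (optional)
#   .deb : installs only into /opt/splunk, any other directory is rejected
#   .tgz : directory is passed to tar -C (defaults to /opt, as in Method 3)
install_splunk() {
    pkg=${1:-}; dir=${2:-}
    [ -n "$pkg" ] || { echo "usage: install_splunk <package> [directory]" >&2; return 2; }
    case "$pkg" in
        *.rpm)
            if [ -n "$dir" ]; then
                run rpm -i "--prefix=$dir" "$pkg"
            else
                run rpm -i "$pkg"
            fi ;;
        *.deb)
            if [ -n "$dir" ] && [ "$dir" != /opt/splunk ]; then
                echo "error: the DEB package installs only into /opt/splunk" >&2
                return 1
            fi
            run dpkg -i "$pkg" ;;
        *.tgz|*.tar.gz)
            run tar xvzf "$pkg" -C "${dir:-/opt}" ;;
        *)
            echo "error: unsupported package type: $pkg" >&2
            return 1 ;;
    esac
}

# start_splunk [SPLUNK_HOME]: start Splunk and accept the license in one step.
start_splunk() {
    home=${1:-/opt/splunk}
    run "$home/bin/splunk" start --accept-license
}
```

To perform the installation instead of printing the plan, call the functions with DRY_RUN=0, for example `DRY_RUN=0 install_splunk <splunk_package_name>.deb`.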