Are you looking for the process to follow to install Splunk on your Ubuntu Server? This guide will show exactly how to do it.
Splunk is a popular tool that helps analyze machine data to deliver Operational Intelligence for security, IT and the business.
It is used to search, analyze and visualize the machine-generated data gathered from the websites, applications, sensors, devices and other sources that make up your IT infrastructure and business.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers perform package and software installation tasks on their Ubuntu servers.
In this context, we shall look into how to install Splunk on Ubuntu.
Steps to install Splunk 8.0 on Ubuntu
To install Splunk, log into your server as a root user with an SSH tool such as PuTTY, download Splunk 8.0 to your server, and then follow the steps below carefully:
i. Start by moving the Splunk .deb file to the /tmp folder with the command below:
mv splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb /tmp
This will move the installation file to the "/tmp" folder where you can initiate the installation of Splunk.
ii. Next, from the /tmp folder, run the command below to install Splunk 8.0 on your Ubuntu server:
sudo dpkg -i splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb
The output will look like this:
Selecting previously unselected package splunk.
(Reading database … 159633 files and directories currently installed.)
Preparing to unpack splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb …
Unpacking splunk (8.0.0) …
Setting up splunk (8.0.0) …
complete
iii. Then enable the service to start at boot and enter the administrative username and password.
During this process, accept the license. To do this, run the command below:
sudo /opt/splunk/bin/splunk enable boot-start
This will start Splunk whenever the machine boots.
The output of the above command will look like this:
This appears to be your first time running this version of Splunk.
Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.
Please enter an administrator username:
Next, follow the instructions given, and choose your desired username and password (use a strong password).
As soon as you enter the password, the configuration will be processed and completed.
iv. To start the Splunk service, run the command below:
sudo service splunk start
v. You can now test the installation via your browser (web interface).
Open your browser and enter "localhost:8000" in the address bar. This will display the Splunk web login interface, where you can enter the username and password which you configured in the previous stage.
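Step ii installs a downloaded package as root, so it is worth checking the file before dpkg touches it. The script below is an added example, not part of the original guide: it compares the file's SHA-256 with an expected value and confirms the package name and version before installing. EXPECTED_SHA256 is a placeholder to be filled with a checksum you obtained from the vendor, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide): verify the downloaded package
# before handing it to dpkg, which runs the package's maintainer scripts as root.

DEB="${DEB:-/tmp/splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb}"
# Placeholder (assumption): set this to the SHA-256 you obtained from the vendor.
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}"

# Succeeds only if $1 is a regular file whose SHA-256 equals $2 (any letter case).
verify_sha256() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    vs_actual=$(sha256sum "$1" | cut -d' ' -f1)
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$vs_actual" ] && [ "$vs_actual" = "$vs_expected" ]
}

# Succeeds only if the control fields name package "splunk" at version 8.0.0,
# the name and version shown in the dpkg output of step ii.
verify_control_fields() {
    vc_name=$(dpkg-deb -f "$1" Package) || return 2
    vc_version=$(dpkg-deb -f "$1" Version) || return 2
    [ "$vc_name" = "splunk" ] && [ "$vc_version" = "8.0.0" ]
}

# Install only when both checks pass; otherwise refuse and report why.
install_verified() {
    verify_sha256 "$DEB" "$EXPECTED_SHA256" || {
        echo "checksum mismatch, refusing to install $DEB" >&2; return 1; }
    verify_control_fields "$DEB" || {
        echo "unexpected package name or version in $DEB" >&2; return 1; }
    sudo dpkg -i "$DEB"
}

# Runs only when called as: sh verify-install.sh --install
if [ "${1:-}" = "--install" ]; then
    install_verified
fi
```

If either check fails, the script stops before dpkg runs, so nothing from the package is unpacked or executed.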