Install Splunk Log Analyser on Ubuntu 16.04 | 17.10 | 18.04

Splunk software is a popular log analyser that you can deploy in your environment to gain insight into log data from servers, networking devices and other sources. It helps you monitor, search and analyse large amounts of data (especially in larger environments) and present it in a simple format that you can easily read and digest.

Splunk supports the majority of operating systems in use today, from Windows to Linux and Mac OS, as well as the vast majority of networking devices deployed.

This brief tutorial is going to show students and new users how to install Splunk software on Ubuntu 16.04 / 17.10 and 18.04 LTS servers.

For more about Splunk, please check its homepage.

When you’re ready to install Splunk, follow the steps below:

Step 1: Download Splunk Installer

On Ubuntu systems, you’ll want to download the DEB installer. The commands below can be used to do that:

cd /tmp && wget

The commands above download the current version, 7.1.1, and save it in the /tmp directory. All you need to do now is run the dpkg command to install it.

Step 2: Install Splunk

Now that the Splunk installer is downloaded, run the command below to install it.

sudo dpkg -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb

The command above initiates the installation. Wait a few minutes for it to complete. When done, you should see completion messages like those shown below.

Selecting previously unselected package splunk.
(Reading database . 165107 files and directories currently installed.)
Preparing to unpack splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb .
Unpacking splunk (7.1.1) .
Setting up splunk (7.1.1) .
complete

Finally, run the first command below to enable Splunk to start whenever the server boots; the second command starts the service immediately.

sudo /opt/splunk/bin/splunk enable boot-start
sudo service splunk start

When you run the commands above, you’ll have to accept the licensing agreement. Use the spacebar on your keyboard to scroll through the pages; at the end, type y to agree to the terms.

Splunk Software License Agreement 04.24.2018

Do you agree with this license? [y/n]: y

You’ll then be prompted to create and confirm the admin password. Use this password to access the web portal.

This appears to be your first time running this version of Splunk.

An Admin password must be set before installation proceeds.
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: 
Please confirm new password: 
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
.+++
..+++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 2048 bit long modulus
..+++
.+++
e is 65537 (0x10001)
writing RSA key

Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.

Start Splunk.

sudo service splunk start

After that, open your browser and go to the server hostname or IP address followed by port 8000.

You should see the Splunk web portal. Use the credentials you created above to log in.
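The steps above are interactive: the license prompt, the password prompt and the web portal served on port 8000. The script below is an added example (not from the original post or from Splunk) that performs the same install unattended and adds the checks a practitioner would want before running dpkg as root: it refuses to install a package whose SHA-256 does not match a value obtained out of band, it applies the same minimum the first-run prompt enforces (8 printable ASCII characters) to the admin password before seeding it, and it turns on HTTPS for Splunk Web. Assumptions: the script is run as root; the expected checksum is supplied through EXPECTED_SHA256 (the placeholder must be replaced, the post does not publish one); the admin password comes from SPLUNK_ADMIN_PASSWORD; Splunk 7.1+ reads $SPLUNK_HOME/etc/system/local/user-seed.conf at first start; the enableSplunkWebSSL setting in web.conf enables HTTPS; and the Splunk CLI options --accept-license --answer-yes --no-prompt accept the license non-interactively. The RUN_INSTALL variable is a guard of this example only, so the functions can be exercised without touching the system.

```shell
#!/bin/sh
# Unattended Splunk .deb install for Ubuntu. Added example, not the post's own
# commands. All values marked "assumption" or "placeholder" must be checked
# against your environment before use. Run as root: RUN_INSTALL=1 sh install-splunk.sh
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"                           # prefix used by the post
DEB="${DEB:-/tmp/splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb}"    # file name from the post
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}" # placeholder

# Compare the SHA-256 of a file with a value obtained out of band.
# Returns 0 on match, 1 on mismatch, so it can gate the dpkg step.
verify_checksum() {
    file="$1"; expected="$2"
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Mirror the rule the first-run prompt enforces (see the install output above):
# at least 8 printable ASCII characters. Layer stricter local policy on top.
validate_password() {
    pw="$1"
    [ "${#pw}" -ge 8 ] || return 1
    # reject any byte outside printable ASCII (0x20-0x7E), e.g. tabs or UTF-8
    if printf '%s' "$pw" | LC_ALL=C grep -q '[^ -~]'; then
        return 1
    fi
    return 0
}

# Seed the admin account so first start does not prompt interactively.
# Assumption: Splunk 7.1+ consumes etc/system/local/user-seed.conf at first
# start. The file holds a cleartext password, so it is written 0600.
write_user_seed() {
    home="$1"; user="$2"; pw="$3"
    dir="$home/etc/system/local"
    mkdir -p "$dir"
    ( umask 077
      printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$user" "$pw" > "$dir/user-seed.conf" )
    chmod 600 "$dir/user-seed.conf"
}

# Serve Splunk Web over HTTPS instead of plain HTTP on port 8000.
# Assumption: enableSplunkWebSSL lives in the [settings] stanza of web.conf.
write_web_conf() {
    home="$1"
    dir="$home/etc/system/local"
    mkdir -p "$dir"
    printf '[settings]\nenableSplunkWebSSL = true\n' > "$dir/web.conf"
}

install_splunk() {
    verify_checksum "$DEB" "$EXPECTED_SHA256" \
        || { echo "checksum mismatch for $DEB, refusing to install" >&2; return 1; }
    validate_password "$SPLUNK_ADMIN_PASSWORD" \
        || { echo "password does not meet the 8 printable ASCII character minimum" >&2; return 1; }
    dpkg -i "$DEB"
    write_user_seed "$SPLUNK_HOME" admin "$SPLUNK_ADMIN_PASSWORD"
    write_web_conf "$SPLUNK_HOME"
    # same commands as the post, with the license accepted non-interactively
    "$SPLUNK_HOME/bin/splunk" enable boot-start --accept-license --answer-yes --no-prompt
    service splunk start
}

# Guard of this example only: nothing is installed unless explicitly requested.
if [ "${RUN_INSTALL:-0}" = "1" ]; then
    install_splunk
fi
```

With HTTPS enabled, the portal is reached at https://<server>:8000 rather than http://; Splunk generates a self-signed certificate at first start (the "Generating RSA private key" lines in the output above), so replace it with one your clients trust before exposing the port beyond a management network.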


Enjoy~!
