- \n
- Splunk Forwarder : It is used for collecting the logs.<\/li>\n
- Splunk Indexer : It is used for Parsing and Indexing the data.<\/li>\n
- Splunk Search Head : Provides web interface for for searching, analyzing and reporting.<\/li>\n<\/ol>\n
In this tutorial, we will be going to learn how to install Splunk on Ubuntu 18.04 LTS (Bionic Beaver) server.<\/p>\n
Requirements<\/h2>\n
- \n
- A server running Ubuntu 18.04 to your system.<\/li>\n
- A non-root user with sudo privileges.<\/li>\n<\/ul>\n
Install Splunk<\/h2>\n
Splunk supports a wide range of operating system including, Windows, Linux, FreeBSD, OSX, Solaris, AIX and many more. You can download the latest version of the Splunk from their official website or use the following command:<\/p>\n
wget https:\/\/download.splunk.com\/products\/splunk\/releases\/7.1.1\/linux\/splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb<\/p>\n
Once the download is completed, install the downloaded file using the following command:<\/p>\n
sudo dpkg -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb<\/p>\n
Once the installation completed successfully, you should see the following output:<\/p>\n
(Reading database ... 218552 files and directories currently installed.) \nPreparing to unpack splunk-7.1.1-8f0ead9ec3db-linux-2.6-amd64.deb ... \nUnpacking splunk (7.1.1) over (7.1.1) ... \nSetting up splunk (7.1.1) ... \ncomplete \n<\/pre>\n
Next, you will need to enable Splunk service to start on boot time. You can do this by running the following command:<\/p>\n
sudo \/opt\/splunk\/bin\/splunk enable boot-start<\/p>\n
Here, you will need to agree to the License Agreement and provide admin password as below:<\/p>\n
Splunk Software License Agreement 04.24.2018 \n \nDo you agree with this license? [y\/n]: y \n \nThis appears to be your first time running this version of Splunk. \n \nAn Admin password must be set before installation proceeds. \nPassword must contain at least: * 8 total printable ASCII character(s). \nPlease enter a new password: \nPlease confirm new password: \nCopying '\/opt\/splunk\/etc\/openldap\/ldap.conf.default' to '\/opt\/splunk\/etc\/openldap\/ldap.conf'. \nGenerating RSA private key, 2048 bit long modulus \n..................+++ \n..............................................................................+++ \ne is 65537 (0x10001) \nwriting RSA key \n \nGenerating RSA private key, 2048 bit long modulus \n.............+++ \n...................................+++ \ne is 65537 (0x10001) \nwriting RSA key \n \nMoving '\/opt\/splunk\/share\/splunk\/search_mrsparkle\/modules.new' to '\/opt\/splunk\/share\/splunk\/search_mrsparkle\/modules'. Adding system startup for \/etc\/init.d\/splunk ... \/etc\/rc0.d\/K20splunk -> ..\/init.d\/splunk \/etc\/rc1.d\/K20splunk -> ..\/init.d\/splunk \/etc\/rc6.d\/K20splunk -> ..\/init.d\/splunk \/etc\/rc2.d\/S20splunk -> ..\/init.d\/splunk \/etc\/rc3.d\/S20splunk -> ..\/init.d\/splunk \/etc\/rc4.d\/S20splunk -> ..\/init.d\/splunk \/etc\/rc5.d\/S20splunk -> ..\/init.d\/splunk \nInit script installed at \/etc\/init.d\/splunk. \nInit script is configured to run at boot. \n<\/pre>\n
Next, start Splunk service using the following command:<\/p>\n
sudo service splunk start<\/p>\n
You should see the following output:<\/p>\n
Starting splunk server daemon (splunkd)... \nGenerating a 2048 bit RSA private key \n............+++ \n............................................................................................................................................+++ \nwriting new private key to 'privKeySecure.pem' \n----- \nSignature ok \nsubject=\/CN=Node3\/O=SplunkUser \nGetting CA Private Key \nunable to write 'random state' \nwriting RSA key \nDone \n \n \nWaiting for web server at http:\/\/127.0.0.1:8000 to be available........ Done \n \n \nIf you get stuck, we're here to help. \nLook for answers here: http:\/\/docs.splunk.com \n \nThe Splunk web interface is at http:\/\/Node3:8000 \n<\/pre>\n
Access Splunk Web Interface<\/h2>\n
Splunk server is now running and listening on port 8000. Open your web browser and type the URL http:\/\/your-server-ip:8000<\/strong>, you will be redirected to the following page:<\/p>\n
![\"Splunk](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/06\/how-to-install-splunk-log-analyzer-on-ubuntu-18-04-lts.png\" "\\"\\"")
<\/a><\/p>\nHere, provide your admin login credentials, then click on the Sign In button<\/strong>, you should see the Splunk dashboard in the following screen:<\/p>\n
![\"Splunk](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/06\/how-to-install-splunk-log-analyzer-on-ubuntu-18-04-lts-1.png\" "\\"\\"")
<\/a><\/p>\nLinks<\/h2>\n
\nShare this page:<\/b><\/p>\n
\n
![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/06\/how-to-install-splunk-log-analyzer-on-ubuntu-18-04-lts-2.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/06\/how-to-install-splunk-log-analyzer-on-ubuntu-18-04-lts-3.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/06\/how-to-install-splunk-log-analyzer-on-ubuntu-18-04-lts-4.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/06\/how-to-install-splunk-log-analyzer-on-ubuntu-18-04-lts-5.png\" "\\"\\"")
<\/a>\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"Splunk is a powerful log database that can be used for searching, monitoring, and analyzing machine-generated big data through a web-interface. It is a very useful tool for analyzing, exploring and searching data. You can easily index, search, collect and visualize massive data streams in real-time from an application, web server, database, server platform, Cloud-network […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-5125","post","type-post","status-publish","format-standard","hentry","category-36"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/5125","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=5125"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/5125\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=5125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=5125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=5125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Splunk](\"https:\/\/www.howtoforge.com\/images\/how_to_install_splunk_on_ubuntu_1804\/big\/page1.png\" "\\"\\"")
<\/a><\/p>\n