What is Splunk?
Splunk is a software technology which provides the engine for monitoring, searching, analyzing, visualizing and acting on voluminous streams of real-time machine data.
Download Splunk
- Browse to https://www.splunk.com/
- In the top right corner, click "Free Splunk"
- Create an account, or log in with your existing account
- Click "Download Free 60-Day Trial" in the "Splunk Enterprise" section
- Click the "Linux" tab
- Download the '.tgz' tarball
- Log in to the Linux box where you downloaded the tarball.
- Add a splunk group
- # groupadd splunk
- Add the splunk user with its home directory and group, as shown in the command below.
- # useradd -d /opt/splunk -m -g splunk splunk
- Change to splunk user and check the id
- # su - splunk
- $ id
- uid=1001(splunk) gid=1001(splunk) groups=1001(splunk)
- Back in the root shell, extract the tarball
- # tar -xvf splunk-*.tgz
- Copy the splunk directory content to /opt/splunk/
- # cp -rp splunk/* /opt/splunk/
- Make sure /opt/splunk/ and its contents are owned by the splunk user
- # chown -R splunk: /opt/splunk/
- Switch to splunk user
- # su - splunk
- Change directory to bin
- $ cd bin
- Start splunk
- $ ./splunk start --accept-license
- Enter the Splunk admin username and password to use for the GUI login
- When the start command finishes, it prints your web server details (ex: <your webserver hostname/ip:8000>)
- Now browse to the web server
- Ex:
- Log in using the Splunk admin user and password you created during splunk start.
That's it!
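To confirm the ownership step held, the following added example (not part of the original guide and not Splunk tooling) audits the install tree for files not owned by the service account and for world-writable paths. The `audit_install` function, the `--audit` flag and the `SPLUNK_HOME`/`SPLUNK_USER` defaults are assumptions taken from the paths and user used in the steps above.

```shell
#!/bin/sh
# Added example: audit a Splunk install tree after the chown step.
# Defaults mirror the guide (/opt/splunk, user "splunk"); function and
# variable names are this example's own, not Splunk tooling.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# audit_install DIR USER
#   USER may be a login name or a numeric uid.
#   Returns 0 = clean, 1 = findings printed, 2 = could not audit.
audit_install() {
    dir="$1"; user="$2"; findings=0
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }

    # Anything not owned by the service account (e.g. files created while
    # working as root). A find error, such as an unknown user name, must
    # not be mistaken for a clean result.
    bad="$(find "$dir" ! -user "$user" -print)" || {
        echo "find failed (unknown user or unreadable path)" >&2; return 2; }
    if [ -n "$bad" ]; then
        echo "not owned by $user:"; echo "$bad"; findings=1
    fi

    # World-writable files or directories let any local account alter
    # binaries or configuration that the splunk user later runs or reads.
    ww="$(find "$dir" \( -type f -o -type d \) -perm -0002 -print)" || return 2
    if [ -n "$ww" ]; then
        echo "world-writable:"; echo "$ww"; findings=1
    fi
    return "$findings"
}

# Usage: sh audit.sh --audit   (does nothing unless the flag is given)
if [ "${1:-}" = "--audit" ]; then
    audit_install "$SPLUNK_HOME" "$SPLUNK_USER"
fi
```

Run it as root or as the splunk user so that every directory under /opt/splunk is readable; an exit status of 1 means at least one path needs `chown` or `chmod` attention.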