Install Splunk on Ubuntu Server via CLI (Command Line)

To install Splunk on an Ubuntu server via Command Line, go through the following steps:

Visit the Splunk Downloads page: https://www.splunk.com/en_us/download/splunk-enterprise.html

Select the DEB version from the Linux tab and click Download.

On the downloads page, Splunk has very thoughtfully provided the wget command ready to copy and paste into your terminal window. Click Command Line (wget).

Then select the wget command from the text box and copy it.

At the time of writing this was:

wget -O splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=splunk&filename=splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true'

Once you have run this command and the download has completed, run the following command to install Splunk, ensuring the file name matches the one given after -O in the wget command above:

sudo dpkg -i splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb

You will probably be prompted for your sudo (superuser) password. Once it is entered, the install should begin.

You should see the following steps, finishing with complete (hopefully):

Selecting previously unselected package splunk.
(Reading database ... 66454 files and directories currently installed.)
Preparing to unpack splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb ...
Unpacking splunk (7.1.0) ...
Setting up splunk (7.1.0) ...
complete

Now let’s fire it up using the following command:

sudo /opt/splunk/bin/splunk start

This will display the Splunk license agreement. Use the space bar to scroll through (after reading in great detail, obviously 🙂) and at the end hit Y to accept the agreement.

As it’s the first time we’re running Splunk, we’ll be asked to set a password.

Once complete, you’ll see some additional processing, including generating RSA keys, etc.

Finally, you should see a confirmation of the URL and port combination Splunk will be accessible on:

The Splunk web interface is at http://bobuntu:8000

Remember, this address may resolve on your Ubuntu server, but that doesn’t necessarily mean it will resolve on the rest of your network, depending on your DNS configuration.

If it doesn’t, you need to either create a DNS entry or a HOST record entry, or browse to the interface via the IP address, for example: http://192.168..123:8000

Finally, upon browsing to the location, log in with the username admin and the password you set above.

Job done!
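
The download and install steps above, with an integrity check added before dpkg runs as root. This is an added example, not part of the original post; it assumes you have a SHA-512 digest for the package from a source you trust (the post does not give one), and the function names verify_sha512 and install_verified_deb are hypothetical.

```shell
# Added example: check a downloaded .deb against an expected SHA-512 digest
# before handing it to dpkg. The digest is supplied by the operator
# (assumption: taken from a trusted source, not from this page).

# verify_sha512 FILE EXPECTED_HEX
#   returns 0 on match, 1 on mismatch, 2 on unreadable file or malformed digest
verify_sha512() {
    local file=$1 expected=$2 actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Normalise case, then reject anything that is not 128 hex digits
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "digest is not SHA-512 length" >&2; return 2; }
    actual=$(sha512sum -- "$file" | cut -d' ' -f1) || return 2
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# install_verified_deb FILE EXPECTED_HEX
#   installs only if the digest matches and the control file names "splunk"
install_verified_deb() {
    local file=$1 expected=$2 pkg
    verify_sha512 "$file" "$expected" || return $?
    # Read the Package field from the archive without unpacking or installing it
    pkg=$(dpkg-deb --field "$file" Package) || return 2
    [ "$pkg" = "splunk" ] || { echo "unexpected package name: $pkg" >&2; return 1; }
    sudo dpkg -i "$file"
}

# Usage (the digest below is a placeholder, not a real value):
#   install_verified_deb splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb "<SHA-512 digest>"
```

A mismatch stops the install before any package script runs with root privileges.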

 

Bob McKay
