To install Splunk on an Ubuntu server via Command Line, go through the following steps:
Visit the Splunk Downloads page: https://www.splunk.com/en_us/download/splunk-enterprise.html
Select the DEB version from the Linux tab and click Download
On the downloads page, Splunk have very thoughtfully provided the wget command ready to copy and paste into your terminal window. Click Command Line (wget).
Then select the wget command from the text box and copy it:
At the time of writing this was:
wget -O splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=splunk&filename=splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true'
Once you have run this command and the download has completed, run the following command to install Splunk, ensuring the file name matches the one given to the -O option of the wget command above:
sudo dpkg -i splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb
You will probably be prompted for your sudo (superuser) password; once you have entered it, the install should begin.
You should see the following steps, finishing with complete (hopefully):
Selecting previously unselected package splunk.
(Reading database ... 66454 files and directories currently installed.)
Preparing to unpack splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb ...
Unpacking splunk (7.1.0) ...
Setting up splunk (7.1.0) ...
complete
Now let's fire it up using the following command:
sudo /opt/splunk/bin/splunk start
This will display the Splunk license agreement. Use the space bar to scroll through it (after reading in great detail, obviously 🙂) and at the end hit Y to accept the agreement.
As it’s the first time we’re running Splunk, we’ll be asked to set a password.
Once complete, you’ll see some additional processing, including generating RSA keys, etc.
Finally you should be prompted with a confirmation of the URL and port combination Splunk will be accessible on:
The Splunk web interface is at http://bobuntu:8000
Remember, this address may resolve on your Ubuntu server, but that doesn’t necessarily mean it will resolve on the rest of your network, depending on your DNS configuration.
If it doesn’t, you either need to create a DNS entry, a HOST record entry or browse to the interface via the IP address, for example: http://192.168..123:8000
Finally, upon browsing to the location, log in with the username admin and the password you set above.
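An added example, not part of the original post: checks to run between the wget and sudo dpkg -i steps above, since the package is installed as root. It confirms that the file name matches the filename= parameter of the download URL, that the file really is a Debian archive, and that its SHA-512 matches a digest obtained from a trusted source. The function names and the expected digest are assumptions of this example; the post gives neither.

```shell
#!/bin/sh
# Added example: pre-install checks for the downloaded Splunk .deb.
# Function names and the expected digest are assumptions of this example.

# Extract the filename= parameter from the download URL given to wget.
url_filename() {
    printf '%s\n' "$1" | tr '?&' '\n\n' | sed -n 's/^filename=//p'
}

# A .deb is an ar archive whose first bytes are "!<arch>". A failed download
# saved with -O can be an HTML page that merely carries a .deb name.
is_deb_archive() {
    [ "$(head -c 7 "$1" 2>/dev/null)" = '!<arch>' ]
}

# Compare the file's SHA-512 with a digest obtained from a trusted source.
sha512_matches() {
    [ "$(sha512sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Arguments: URL, file, expected digest.
# Returns 1, 2 or 3 to identify the first check that failed, 0 if all pass.
preinstall_check() {
    [ "$(url_filename "$1")" = "$(basename "$2")" ] ||
        { echo "file name differs from the one in the URL" >&2; return 1; }
    is_deb_archive "$2" ||
        { echo "not a Debian package (ar magic missing)" >&2; return 2; }
    sha512_matches "$2" "$3" ||
        { echo "SHA-512 mismatch" >&2; return 3; }
}

# Usage: sh check_splunk_deb.sh '<wget URL>' <file.deb> <expected sha512>
if [ "$#" -eq 3 ]; then
    preinstall_check "$@" && echo "checks passed for $2"
fi
```

Run sudo dpkg -i only when the script reports that the checks passed.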