Let’s learn step by step how to install and configure Splunk on an Ubuntu 20.04 or 18.04 LTS server to collect and analyze various kinds of data.
Splunk is a data platform that collects, indexes, monitors and analyzes large amounts of machine data (hundreds of terabytes per day) from a wide variety of sources in real time. It can ingest data from almost any source, including logs and other machine data from production servers, measuring devices, sensors, vehicles and so on.
Splunk currently offers four main editions:
- Splunk Enterprise: the on-premises edition, without technical limitations.
- Splunk Cloud: the same Enterprise feature set delivered as a cloud service. Splunk Cloud is hosted on Amazon AWS, and hybrid setups that combine on-premises and cloud are also possible.
- Splunk Light: intended for small IT environments and limited to 5 users, a single server instance and 20 GB/day of indexed data. The Light edition is available both on-premises and in the cloud.
- Splunk Free: the free license, intended for users who index less than 500 MB of data per day.
Steps to install Splunk on Linux Ubuntu 20.04 LTS server
1. Download Splunk free for Linux
The free download gives you all Enterprise features for a limited period: 60 days, after which you must buy a license to keep them. If you don’t, the instance drops to the free license, which never expires but is restricted: indexing is capped at 500 MB per day, there is no alerting, no distributed search and no user authentication (the web interface opens without a login, so anyone who can reach port 8000 has full access), and the daily quota may be exceeded only a couple of times in any 30-day period before search is disabled until the warnings age out. Learn more about the free license in the Splunk documentation.
To install Splunk on Ubuntu, the developers offer a .deb package that can be downloaded from the official site. Check the package against the SHA-512 checksum published next to it on the download page before installing it.
Alternatively, the wget command below fetches the same package (the free download, which starts as a 60-day Enterprise trial):
wget -O splunk-8.2.1-ddff1c41e5cf-linux-2.6-amd64.deb 'https://www.splunk.com/page/download_track?file=8.2.1/linux/splunk-8.2.1-ddff1c41e5cf-linux-2.6-amd64.deb&ac=&wget=true&name=wget&platform=Linux&architecture=x86_64&version=8.2.1&product=splunk&typed=release'
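The shell example below is added here and is not part of the article or of Splunk’s own tooling. It verifies the downloaded .deb against the SHA-512 digest Splunk publishes for each release before the package is handed to apt. It assumes the checksum file sits at the package URL plus ".sha512" on download.splunk.com (take the real link from the download page; the URL pattern is an assumption) and accepts both the "SHA512(file)= hex" layout and the "hex  file" layout that sha512sum -c expects.

```shell
#!/bin/sh
# Added example (not from the article): verify the Splunk .deb against its
# published SHA-512 digest before handing it to apt.

# verify_sha512 FILE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if either file is missing or unparsable.
# The digest is extracted by pattern, so both checksum-file layouts work:
#   SHA512(splunk-8.2.1-...-amd64.deb)= 3a9f...   (openssl dgst style)
#   3a9f...  splunk-8.2.1-...-amd64.deb           (sha512sum style)
verify_sha512() {
    file="$1"
    sumfile="$2"
    [ -f "$file" ] || { echo "missing package: $file" >&2; return 2; }
    [ -f "$sumfile" ] || { echo "missing checksum file: $sumfile" >&2; return 2; }

    # Lower-case the digest and pull out the first 128-hex-character token.
    expected=$(tr 'A-F' 'a-f' < "$sumfile" | grep -oE '[0-9a-f]{128}' | head -n 1)
    [ -n "$expected" ] || { echo "no SHA-512 digest found in $sumfile" >&2; return 2; }

    actual=$(sha512sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA-512"
        return 0
    fi
    echo "MISMATCH: $file does not match $sumfile" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# download_and_verify URL
# Fetches the package and the .sha512 file beside it, then verifies the pair.
# Assumption: the checksum lives at the package URL plus ".sha512", which is how
# download.splunk.com releases are laid out; confirm the link on the download page.
download_and_verify() {
    url="$1"
    pkg=$(basename "$url")
    wget -q -O "$pkg" "$url" || return 2
    wget -q -O "$pkg.sha512" "$url.sha512" || return 2
    verify_sha512 "$pkg" "$pkg.sha512"
}

# Usage (not executed here):
#   download_and_verify \
#     https://download.splunk.com/products/splunk/releases/8.2.1/linux/splunk-8.2.1-ddff1c41e5cf-linux-2.6-amd64.deb \
#   && sudo apt install ./splunk-8.2.1-ddff1c41e5cf-linux-2.6-amd64.deb
```

Because the checksum is served from the same origin as the package, this catches corrupted or substituted downloads (a tampered mirror, a truncated transfer) but not a compromise of the vendor site itself; record the digest you verified alongside the change so the installed package can be re-checked later.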
2. Command to install Splunk on Ubuntu 20.04
Since the download is a .deb package, APT can install it directly and resolve its dependencies.
Note: if you downloaded the package through a browser on a Linux desktop, first change into the download directory with
cd Downloads
Users who fetched it with wget can run the install command from the directory they were in:
sudo apt install ./splunk-*-amd64.deb
3. Accept the license, activate startup and set the administrator user and password.
Once the installation is complete, run the command below. On its first run it does more than enable the Splunk service at boot: it displays the license (press q to leave the license text, then y to accept it) and then asks for the administrator username and password. Choose a strong password here, because this account has full control of the instance. By default the service is registered to run as root; the -user option of enable boot-start lets you run it under a dedicated account instead.
sudo /opt/splunk/bin/splunk enable boot-start
4. Access the Splunk web interface
Now that the platform is running, open its web interface at http://localhost:8000. To reach the Splunk dashboard from another machine, open port 8000 in the server firewall. The rule below opens it to everyone; prefer limiting it to the network you administer from, and keep in mind that Splunk Web speaks plain HTTP until TLS is enabled in web.conf. To open the port:
sudo ufw allow 8000
From a browser on a remote system: http://SERVER-IP:8000
From a browser on the local system: http://localhost:8000
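The following shell script is an added example, not code from the article or from Splunk, that performs steps 3 and 4 in a hardened, non-interactive form: it creates a dedicated service account so the daemon does not run as root, seeds the admin account from user-seed.conf instead of typing the password at a prompt, turns on TLS for Splunk Web so the login does not cross port 8000 in clear text, and restricts the firewall rule to an admin network. SPLUNK_HOME=/opt/splunk (the package default), the account name "splunk" and the 10.0.0.0/24 admin network are placeholders; the Splunk CLI flags are the documented ones, but check splunk help boot-start on your version.

```shell
#!/bin/sh
# Added example (not from the article): a hardened, non-interactive first start
# for a freshly installed Splunk .deb. Assumptions: SPLUNK_HOME is /opt/splunk
# (the package default), the service account is named "splunk", and the admin
# workstations live in ADMIN_NET; all three are placeholders to adjust.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"

# 24 hex characters from the kernel RNG: well above Splunk's default
# 8-character minimum and free of shell-special characters.
gen_password() {
    od -An -tx1 -N 12 /dev/urandom | tr -d ' \n'
}

# user-seed.conf is read on first start to create the admin account and is then
# removed by Splunk, so the password never has to be typed at a prompt.
# write_admin_seed SPLUNK_HOME USERNAME PASSWORD
write_admin_seed() {
    dir="$1/etc/system/local"
    mkdir -p "$dir"
    # Subshell so the restrictive umask does not leak into the caller.
    (umask 077; printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$2" "$3" > "$dir/user-seed.conf")
    chmod 600 "$dir/user-seed.conf"
}

# Splunk Web listens on plain HTTP by default; enable TLS so the admin login
# is not sent in clear text over port 8000.
# write_web_ssl SPLUNK_HOME
write_web_ssl() {
    dir="$1/etc/system/local"
    mkdir -p "$dir"
    printf '[settings]\nenableSplunkWebSSL = true\nhttpport = 8000\n' > "$dir/web.conf"
}

# Everything that touches the live system is gathered here and guarded, so the
# file can be sourced on any machine without side effects.
apply_hardening() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_hardening must run as root" >&2; return 1; }
    [ -x "$SPLUNK_HOME/bin/splunk" ] || { echo "no splunk binary under $SPLUNK_HOME" >&2; return 1; }

    # Dedicated, shell-less service account instead of running Splunk as root.
    id "$SPLUNK_USER" >/dev/null 2>&1 || \
        useradd --system --home-dir "$SPLUNK_HOME" --shell /usr/sbin/nologin "$SPLUNK_USER"

    pass=$(gen_password)
    write_admin_seed "$SPLUNK_HOME" admin "$pass"
    write_web_ssl "$SPLUNK_HOME"
    chown -R "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME"

    # Accept the license and register a systemd unit (Splunkd.service) that runs
    # the daemon as the service account; no prompts remain because the admin
    # account comes from user-seed.conf.
    "$SPLUNK_HOME/bin/splunk" enable boot-start -user "$SPLUNK_USER" -systemd-managed 1 \
        --accept-license --no-prompt
    systemctl start Splunkd

    # Expose Splunk Web to the admin network only, not to every peer.
    ufw allow from "$ADMIN_NET" to any port 8000 proto tcp

    echo "Splunk admin password (shown once, store it in your secrets manager): $pass"
}
```

After apply_hardening the interface is at https://SERVER-IP:8000; the default certificate is self-signed, so browsers warn until you point serverCert and privKeyPath in web.conf at your own certificate. Because the daemon no longer runs as root it cannot read root-only files such as /var/log/auth.log; grant read access with an ACL (setfacl -m u:splunk:r /var/log/auth.log) rather than going back to root.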
5. Log in to the administrator account
The first screen in the browser asks for the administrator username and password you set during the Splunk setup. Enter them to log in.
6. Splunk dashboard
Finally you have Splunk on your Ubuntu 18.04 / 20.04 system. Now click on Add data to connect the data source you want to analyze.
Uninstall Splunk Enterprise (optional)
Stop the service, remove it from boot and then remove the package:
sudo /opt/splunk/bin/splunk stop
sudo /opt/splunk/bin/splunk disable boot-start
sudo apt remove splunk
Removing the package leaves the indexed data and configuration under /opt/splunk; delete that directory as well if you want a clean removal.
From here you can refer to the official Splunk documentation to learn more …