How to install Splunk in a Virtual Machine with Linux (Ubuntu Server)?
First of all we create an account, or if we already have one we just log in.
Then we select our OS, in our case we will select Linux.
You need to already have a VM with Linux on it, ideally Ubuntu Server, as it is the OS that I am going to use. If you do not have a VM ready, you can check out my guide "Setup a VM on TrueNAS - Example with Ubuntu Server", or, if you already have a VM but, like mine, it is busy because you are testing something else, just create a clone of your VM on TrueNAS.
Important: Splunk encourages you not to install this software as "root".
As I prefer to use the CLI, I am going to use the following syntax:
sudo tar xvzf splunk-18.104.22.168-24fd52428b5a-Linux-x86_64.tgz
After this, the installation is done, but there are still a few steps to finish it off.
(In the end you can choose the directory that you prefer; we leave it like this because it is only for testing purposes.)
Now we need to navigate to the Splunk bin directory, but where is Splunk installed on Linux?
To find this out, we are gonna use one of my favorite commands, "find".
Let's check the services first:
Now we use the find command as below:
sudo find / -type f -name splunk
Now we are gonna move to the bin directory:
You are most likely going to use these 3 commands:
If you need help with the commands, you can use:
After you start Splunk, confirm the licensing agreement, and then create an administrator account.
In the end you will receive this message:
In my case, the link given to access the web interface was incorrect, so to solve this easily I use the IP of my virtual machine as below:
The installation is done.
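The find step and the note about not installing as "root" can be combined into one check. The script below is an added example, not part of the original guide: it narrows the find search to files named splunk inside a bin directory and reports whether root owns them. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): find the Splunk launcher and
# report whether it is owned by root. Usage: sh thisfile.sh <search-root>

# List regular files named "splunk" that live in a bin/ directory under the
# search root ($1, default /). A plain `-name splunk` search also returns
# unrelated files with that name (for example an init script), so the -path
# filter keeps only .../bin/splunk. Permission errors are discarded.
find_splunk_bin() {
    find "${1:-/}" -type f -name splunk -path '*/bin/splunk' 2>/dev/null
}

# Print the numeric UID that owns a file (third column of `ls -ldn`).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Return 0 if the launcher is owned by a non-root account, 1 if root owns it.
check_not_root() {
    uid=$(owner_uid "$1")
    if [ "$uid" -eq 0 ]; then
        echo "WARN: $1 is owned by root (uid 0)"
        return 1
    fi
    echo "OK: $1 is owned by uid $uid"
}

# Check every launcher under a search root: returns 1 if any is root-owned,
# 2 if none was found. Paths containing spaces are not handled.
audit_splunk() {
    found=0 status=0
    for bin in $(find_splunk_bin "$1"); do
        found=1
        check_not_root "$bin" || status=1
    done
    [ "$found" -eq 1 ] || { echo "no splunk launcher under ${1:-/}"; return 2; }
    return "$status"
}

# Run the audit only when a search root is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_splunk "$1"
fi
```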