How to install Splunk in a Virtual Machine with Linux (Ubuntu Server)?



First of all we create an account, or if we already have one we just log in. 



Then we select our OS, in our case we will select Linux. 

By now you should already have a VM with Linux on it, ideally Ubuntu Server, as that is the OS I am going to use. If you do not have a VM ready, you can check out my guide on -> "Setup a VM on TrueNAS - Example with Ubuntu Server", or if you already have one but, like mine, it is busy because I am testing something else, just create a clone of your VM on TrueNAS. 

As I prefer to use the CLI, I am going to use the syntax 

Important: Splunk recommends that you do not install this software as "root". 

# Note: run through sudo, tar keeps the file ownership recorded in the archive; check with "ls -l" and "chown -R" the directory to your own user if Splunk is going to run unprivileged.
sudo tar xvzf splunk-8.1.0.1-24fd52428b5a-Linux-x86_64.tgz


After this the installation is done, but there are still a few steps to finalize it. 

(In the end you can choose whichever directory you prefer; we leave it like this because it is only for testing purposes.)


Now we need to navigate to the Splunk bin directory, but where is Splunk installed on Linux?

To find this out we are going to use one of my favorite commands, "find". 

Let's check the services first:

ls

Now we use the find command as below: 

sudo find / -type f -name splunk

Now we are going to move to the bin directory: 

cd /home/ubuntu/splunk/bin

You are most likely going to use these 3 commands:

./splunk start
./splunk stop
./splunk restart

If you need help with the commands, you can use: 

./splunk help

After you start Splunk, confirm the licensing agreement, and then create an administrator account. 

In the end you will receive this message 

In my case the link shown for accessing the web interface was incorrect, so to solve this easily I used the IP of my virtual machine, as below: 

Wrong URL

http://ubuntu:8000

Correct URL

http://10.1.XX.XX:8000/

The installation is done.
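The whole procedure above (download check, extraction as a normal user, locating the bin directory, first start, and the web URL) collected into one script. This is an added example, not code from the original post or from Splunk. It assumes the tarball name from the post, that you paste the SHA-512 value published on the Splunk download page into SPLUNK_SHA512 (the default is an obvious placeholder), that the admin password is supplied through the SPLUNK_ADMIN_PASSWORD environment variable, and that Splunk Web listens on its default port 8000. The "--accept-license --answer-yes --no-prompt" flags and the user-seed.conf file are real Splunk mechanisms for a non-interactive first start; everything else (function names, variables) is made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): the post's install steps as a script.
# Assumptions (labelled): SPLUNK_TGZ is the tarball name from the post, SPLUNK_SHA512 is
# the hash you copy from the Splunk download page (placeholder below), SPLUNK_ADMIN_PASSWORD
# comes from the environment, and Splunk Web uses the default port 8000.
set -u

SPLUNK_TGZ="${SPLUNK_TGZ:-splunk-8.1.0.1-24fd52428b5a-Linux-x86_64.tgz}"
SPLUNK_SHA512="${SPLUNK_SHA512:-PASTE-SHA512-FROM-DOWNLOAD-PAGE}"   # placeholder, not a real hash
INSTALL_PARENT="${INSTALL_PARENT:-$HOME}"   # the post extracts into the user's home directory

# Splunk recommends not installing as root: true only when we are NOT uid 0.
check_not_root() {
    [ "$(id -u)" -ne 0 ]
}

# Compare the tarball's SHA-512 with the value published on the download page.
# Returns 0 on match, 1 on mismatch (a tampered or truncated download).
verify_tarball() {
    local tgz="$1" expected="$2" actual
    actual="$(sha512sum "$tgz" | awk '{print $1}')"
    [ "$actual" = "$expected" ]
}

# Extract WITHOUT sudo so the files stay owned by the user that will run Splunk.
extract_splunk() {
    local tgz="$1" dest="$2"
    tar xzf "$tgz" -C "$dest"
}

# The post's "where is Splunk installed?" question: print $SPLUNK_HOME, i.e. the
# directory that contains bin/splunk, searching below the given root.
find_splunk_home() {
    local root="$1" bin
    bin="$(find "$root" -type f -path '*/bin/splunk' 2>/dev/null | head -n 1)"
    [ -n "$bin" ] || return 1
    dirname "$(dirname "$bin")"
}

# Seed the admin account so the first start does not prompt for a password.
# Splunk reads etc/system/local/user-seed.conf on its first start.
seed_admin() {
    local home="$1" password="$2"
    mkdir -p "$home/etc/system/local"
    # subshell so the restrictive umask does not leak into the rest of the script
    ( umask 077
      printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$password" \
          > "$home/etc/system/local/user-seed.conf" )
}

# Build the URL to open: the VM's IP instead of the hostname Splunk prints.
web_url() {
    local ip="$1" port="${2:-8000}"
    printf 'http://%s:%s/\n' "$ip" "$port"
}

main() {
    check_not_root || { echo "refusing to install Splunk as root" >&2; return 1; }
    verify_tarball "$SPLUNK_TGZ" "$SPLUNK_SHA512" || { echo "checksum mismatch for $SPLUNK_TGZ" >&2; return 1; }
    extract_splunk "$SPLUNK_TGZ" "$INSTALL_PARENT"
    local home
    home="$(find_splunk_home "$INSTALL_PARENT")" || { echo "bin/splunk not found" >&2; return 1; }
    seed_admin "$home" "${SPLUNK_ADMIN_PASSWORD:?set SPLUNK_ADMIN_PASSWORD first}"
    "$home/bin/splunk" start --accept-license --answer-yes --no-prompt
    echo "Open: $(web_url "$(hostname -I | awk '{print $1}')")"
}

# Only perform the install when explicitly asked, so the functions can be sourced and tested.
if [ "${1:-}" = "install" ]; then
    main
fi
```

Run it as `SPLUNK_SHA512=<hash from the download page> SPLUNK_ADMIN_PASSWORD='...' bash install-splunk.sh install` from the directory holding the .tgz. Two design points: the checksum comparison is the step the post skips, and it is cheap insurance against a corrupted or substituted download; and extracting as your own user avoids the root-owned files that "sudo tar" leaves behind, which is what later makes "./splunk start" fail with permission errors when run unprivileged. Splunk Web serves plain HTTP on 8000 by default; setting enableSplunkWebSSL = true in web.conf switches it to HTTPS, which is worth doing before exposing the VM beyond a lab network.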





Brando Sabatini and Ikbal C ©.