• ABC's of Splunk, CyberSecurity, Splunk

The ABC’s of Splunk Part Two: How to Install Splunk on Linux

 In the last blog, we discussed how to choose between a single or clustered environment. Read our first blog here!

Regardless of which one you choose, you must install Splunk using a user other than root to prevent the Splunk platform from being used in a security breach.

The following instructions have to be done in sequence:

Step 1: Create a Splunk user

We will first create a separate user for Splunk and add a group for that user.
groupadd splunk
useradd -d /opt/splunk -m -g splunk splunk

 

Step 2: Download and Extract Splunk

The easiest way to download Splunk on a Linux machine is with wget. To get the URL do the following:

  1. Go to https://www.splunk.com/en_us/download/splunk-enterprise.html
  2. Log in with your Splunk credential.
  3. Select to download the Linux .tgz file. This will download the latest version of Splunk. To download an older version click on the “Older Releases” link.
  4. Once you click download, it will start downloading Splunk on your browser. Stop downloading.
  5. On the newly opened page, you will see Link for useful tools from there select “Download via Command Line (wget)” to get the URL.
  6. Select and copy the full wget link.

Open a Linux ssh session and paste in /opt/ directory. This will download the Splunk tgz file.

Extract Splunk:

tar -xvzf

Step 3: Start Splunk

Make sure from this point onwards you always use Splunk user to do any activity in the backend related to Splunk.

Change ownership of the Splunk directory.
Chown -R splunk:splunk /opt/splunk

Change user to Splunk.
su splunk

Start Splunk
/opt/splunk/bin/splunk start –accept-license

It will ask you to enter the admin username and password.

Step 4: Enable Splunk boot start.

/opt/splunk/bin/splunk enable boot-start -user splunk

Step 5: Use Splunk

Open your browser and go to the URL below and you will be able to use Splunk.
http://<ip-or-host-of-your-linux-machine>:8000/

Use the username and password you entered in step-3 while starting Splunk.

Click here for a reference

Written by Usama Houlila.

Any questions, comments, or feedback are appreciated! Leave a comment or send me an email to uhoulila@cr3.jlizardo.com for any questions you might have.
If you wish to learn more, click the button below to schedule a free consultation with Usama Houlila.

Schedule Free Consultation

Related Articles

141 W. Jackson, Suite 2730
Chicago, IL 60604

Phone: (312) 278-4445
Email: info@cr3.jlizardo.com
Sales: sales@cr3.jlizardo.com

Office Hours
Mon – Fri: 9:00 AM – 5:00 PM

© 2023 CrossRealms International

Linkedin Facebook Instagram Twitter
Usama Houlia - CEO

Usama Houlila

President and Enterprise Architect
Envelope Linkedin
Usama Houlila is an Enterprise Architect with more than 20 years of professional experience providing technology solutions for organizations in industries including legal, public services, healthcare, finance, retail, hospitality, and manufacturing. Usama is well-versed in all phases of project delivery – from initiation to closeout. His ability to see the big picture is a product of his comprehensive knowledge of hardware, software, application, and systems engineering. Usama’s myriad interests include international affairs, nutrition and health, cooking, and music. He has played the flute since childhood and is an avid runner and bicyclist who recently added swimming and triathlons to the mix. He currently manages, designs, and deploys palo alto for legal, healthcare, and financial services.