※1 It does not need to be Ubuntu 18.04 LTS. Either Ubuntu 20.04 LTS or 22.04 LTS is fine.
※2 Splunk Enterprise does not support the ARM architecture, including Apple Silicon.
Download the Splunk binary and extract it to the /opt directory. If you are running the Linux server on VirtualBox, disable the Netskope client first; otherwise you will get a certificate error.
sudo su -
wget -O splunk-9.4.0-6b4ebe426ca6-linux-amd64.tgz "https://download.splunk.com/products/splunk/releases/9.4.0/linux/splunk-9.4.0-6b4ebe426ca6-linux-amd64.tgz"
tar xvzf splunk*.tgz -C /opt/
echo "export PATH=\$PATH:/opt/splunk/bin" >> /etc/profile
source /etc/profile
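Because the tarball is extracted as root into /opt, it is worth checking it before the tar step. The following is an added example, not part of the original procedure: it compares the download against a SHA-512 checksum file and confirms that every archive member stays under splunk/. The function names are hypothetical, and it assumes you have obtained a checksum file for this release from the vendor and that the archive's top-level directory is splunk/ (as the /opt/splunk paths above imply).

```shell
# Added example (not from the original page); function names are hypothetical.
# Assumes GNU sha512sum, tar and grep, as found on Ubuntu.

# Print the first 128-hex-digit token found in a checksum file, lowercased.
# Handles both "HASH  file" (sha512sum) and "SHA512(file)= HASH" (openssl).
expected_sha512() {
    grep -oE '[0-9A-Fa-f]{128}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# Return 0 only if the tarball's SHA-512 equals the digest in the checksum file.
verify_sha512() {
    want=$(expected_sha512 "$2")
    [ -n "$want" ] || { echo "no SHA-512 digest in $2" >&2; return 2; }
    got=$(sha512sum "$1" | cut -d ' ' -f 1)
    [ "$got" = "$want" ] || { echo "digest mismatch for $1" >&2; return 1; }
}

# Return 0 only if every member sits under splunk/ with no ".." component,
# because extraction runs as root into /opt.
members_confined() {
    names=$(tar tzf "$1") || return 1
    [ -n "$names" ] || return 1
    if printf '%s\n' "$names" | grep -qEv '^splunk(/|$)'; then return 1; fi
    if printf '%s\n' "$names" | grep -qE '(^|/)\.\.(/|$)'; then return 1; fi
    return 0
}

# Verify first, extract second. Usage: safe_extract TARBALL SUMFILE [DEST]
safe_extract() {
    verify_sha512 "$1" "$2" || return 1
    members_confined "$1" || { echo "unexpected paths in $1" >&2; return 1; }
    tar xzf "$1" -C "${3:-/opt}"
}
```

A digest mismatch on a host behind a TLS-inspecting proxy is a reason to stop and re-download, not to skip the check.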
Start Splunk, accepting the license terms, and configure your admin username and password. This account belongs to the Splunk instance and is unrelated to your Linux user.
This appears to be your first time running this version of Splunk.
Splunk software must create an administrator account during startup. Otherwise, you cannot log in. Create credentials for the administrator account. Characters do not appear on the screen when you type in credentials.
Please enter an administrator username: admin ← Enter the admin user name here
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: ← Enter your admin password here
Please confirm new password: ← Enter your admin password here
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
.........................................................+++++
...................+++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 2048 bit long modulus
................+++++
........................+++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Splunk> All batbelt. No tights.
Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
                Creating: /opt/splunk/var/lib/splunk
                Creating: /opt/splunk/var/run/splunk
                Creating: /opt/splunk/var/run/splunk/appserver/i18n
                Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunk/var/run/splunk/upload
                Creating: /opt/splunk/var/run/splunk/search_telemetry
                Creating: /opt/splunk/var/spool/splunk
                Creating: /opt/splunk/var/spool/dirmoncache
                Creating: /opt/splunk/var/lib/splunk/authDb
                Creating: /opt/splunk/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunk/etc/auth'.
        Checking critical directories... Done
        Checking indexes...
                Validated: _audit _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket history main summary
        Done
        Checking filesystem compatibility... Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-8.1.3-63079c59e632-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Generating a RSA private key
..............+++++
...+++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=toshi-VirtualBox/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
Waiting for web server at http://127.0.0.1:8000 to be available... Done
If you get stuck, we're here to help. Look for answers here: http://docs.splunk.com
The Splunk web interface is at http://toshi-VirtualBox:8000
root@toshi-VirtualBox:~#
Enable boot-start
sudo splunk enable boot-start
Open Firefox and access http://localhost:8000. Log in to Splunk with the username and password you configured in procedure #3.
(Optional) The Enterprise license will expire within 60 days. Convert the license type from Enterprise to Free; you can then feed up to 512MB of data every day, forever. See "About Splunk Free" in the Splunk Documentation.
You can stop/start Splunk using the commands below.