Hello Readers! In this blog we will see how to install splunk on Ubuntu operating system.
Steps to install:
1. First we have to download the software. Open your web browser and search for it. Click the link to download https://www.splunk.com.
2. It will redirect us to the splunk, click on free Splunk.
3. You will redirect to the page below.You have to sign in, either you have to sign in or if you don’t have an account, then you have to create an account then sign in.
4. Once you come to this page, click on Linux, then click on .deb file which is for Ubuntu. Click on download now.
5. Now you have two options. One is just downloading the file and the other option is under the useful tools you have the option to use the wget link.
6. Now, open your terminal and give the command sudo su – for switching to the root user.
sudo su -
7. If you do not have wget installed, you can run the command below.
apt install wget
8. Copy and paste the wget link from the browser. You can see the file is downloading.
9. If we run the ls -lah command, then we see the latest version i.e 8.2.4.
10. If we run the dpkg -i command then we just type the first couple letter then push tab to complete and press enter.
dpkg -i splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb
11. Now we can check the opt directory and run ls -lah and you can see that it is installed.
12. Now we have to start the software. For this, we run the below command
/opt/splunk/bin/splunk start –accept-license
The Splunk web interface is at http://knoldus-Latitude-3520:8000.
13. If we do a top command.We will able to see the splunk running.
14. Now we open web browser and put the below link in the address bar to access theWeb UI.
http://127.0.0.1:8000
15. Now if we have to stop the software, we run the below command.
/opt/splunk/bin/splunk stop
How to enable splunk at boot:
We can the below command to enable splunk at boot and run as user.
/opt/splunk/bin/splunk enable boot-start -user splunk
How to change the owner of splunk directory:
To change the owner of directory, run the below command.
chown -R splunk:splunk /opt/splunk