Let’s learn the step-by-step way to install and configure Splunk on Ubuntu 20.04 or 18.04 LTS Linux server to collect and analyze various data.
Splunk is a data platform that allows collecting, indexing, monitoring, and analyzing machine data in large quantities (hundreds of terabytes of data per day) from various sources in real-time. Splunk has the ability to receive data from almost any source. Also, it is possible to receive the logs (machine data) from e.g. production machines, measuring devices, sensors, vehicles, etc.
Splunk currently offers three main products:
- Splunk Enterprise: The Enterprise Version is an on-premise edition without any technical limitations.
- Splunk Cloud: Cloud Edition is nothing more than a cloud-based enterprise version. Splunk Cloud is hosted on Amazon AWS. The hybrid scenarios between on-premise and cloud are also possible.
- Splunk Light: Splunk Light is intended for small IT environments and has the following limitations: 5 users, single server instance, 20 GB / day). The Light Edition is available both on-premise and in the cloud.
- Splunk Free: The free version of Splunk, which is intended for customers with less than 500 MB of indexed volume (GB) per day.
Steps to install Splunk on Ubuntu 20.04 LTS Linux server
1. Download Splunk Free for Linux
The free version of Splunk is available with all Enterprise features but for a limited period of time i.e 6o days after that, the user has to upgrade to continue for all features. Whereas, if you don’t then a free license with limited features will go on without any expiry. However, you will only allow to index 500 MB per day, there will be no searching; bulk loading of large data sets allows only 2 times within a 30 day period. Know more about a free license.
To install Splunk on Ubuntu, the developers of this platform offers Deb binary that easily can be downloaded from the official website (link).
Alternatively, the users can use the below given wget command to get the free version of Splunk with trial Enterprise features.
wget -O splunk-8.2.1-ddff1c41e5cf-linux-2.6-amd64.deb 'https://www.splunk.com/page/download_track?file=8.2.1/linux/splunk-8.2.1-ddff1c41e5cf-linux-2.6-amd64.deb&ac=&wget=true&name=wget&platform=Linux&architecture=x86_64&version=8.2.1&product=splunk&typed=release''
2. Command to Install Splunk on Ubuntu 20.04
As the downloaded file is .deb, thus we can use the APT package manager to install it.
Note: If you have downloaded this data analyses software on GUI Linux using the browser, the first switch to the Downloads directory using cd Downloads. Whereas the users got it using wgetcommand can simply run:
sudo apt install ./splunk-*-amd64.deb
3. Accept License, Enable Boot start and Set Admin user & password
Once the installation is completed, let’s run the script that will not only enable Splunk service at boot level but also let us set up login details- Admin user and its password. However, as the script starts press the Esc key and the Y to accept the license.
sudo /opt/splunk/bin/splunk enable boot-start
4. Access Spunk Web interface
Now, this data analytical platform is ready, lets’s access its web interface at localhost:8000, whereas the users who want to access Splunk Dashboard on some remote system, need to open port 8000 in the system firewall. For that run:
sudo ufw allow 8000
After that:
For remote system browser – http://your-server-ip:8000
For Local system browser- http://localhost:8000
5. Login Admin account
The first screen you will get on your browser is to enter the Admin username and password set while configuring Splunk. Enter the same to log in.
6. Splunk Dashboard
Finally, you have Splunk on your Ubuntu 18.04/20.04 system, now click on Add Data to integrated the source of Data for analysis.
Uninstall Splunk Enterprise (optional)
sudo /opt/splunk/bin/splunk disable boot-start sudo apt remove splunk
From here you can refer to official Splunk documentation to know more…
