HostBreach

 

 

Installing Splunk Enterprise: Standalone Linux Server

Prerequisites:

A Linux server with root access. A Splunk Enterprise installation package.

Step 1: Install the Required Libraries
Splunk Enterprise needs a few libraries to be present on the server. Run the following commands to install them:

sudo apt-get update
sudo apt-get install libssl1.0.0 libssl-dev pkg-config

Step 2: Create a Splunk User
We will create a dedicated user for Splunk Enterprise to run as:

sudo useradd splunk
sudo passwd splunk

Step 3: Copy the Installation Package to the Server
Copy the Splunk Enterprise installation package to the Linux server. The file will be named “splunk-<version>-<build_number>-Linux-x86_64.tgz”.

Step 4: Extract the Installation Package
Run the following command to extract the installation package:

tar xvzf splunk-<version>-<build_number>-Linux-x86_64.tgz

Step 5: Move the Extracted Files to the Appropriate Location

Move the extracted files to the appropriate location, typically “/opt/splunk”, by running the following command:

sudo mv splunk /opt/

Step 6: Change the Owner of the Extracted Files
Change the owner of the extracted files to the Splunk user we created in step 2:

sudo chown -R splunk:splunk /opt/splunk

Step 7: Start the Splunk Enterprise Service
Start the Splunk Enterprise service as the splunk user created in step 2, so that it does not run as root, by running the following command:

sudo -u splunk /opt/splunk/bin/splunk start --accept-license

Step 8: Log in to the Splunk Web Interface

Once the service has started, log in to the Splunk web interface by navigating to “http://<server_ip>:8000” in a web browser. The default username is “admin” and the default password is “changeme”.

Step 9: Configure the Splunk Enterprise Instance

Once logged in, you can configure the Splunk Enterprise instance by navigating to the “Settings” page in the web interface.
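
The ownership and run-as expectations set up in steps 2, 6 and 7 can be verified once the service is running. The script below is an added example, not part of the original guide; its function names and the `--run` flag are assumptions made for illustration, and it assumes the guide's `/opt/splunk` path and `splunk` account.

```shell
#!/bin/sh
# Added example (not from the original guide): post-install audit for steps 2, 6 and 7.
# Assumptions: install path /opt/splunk and account "splunk", as used in the guide.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# Print every path under directory $1 that is NOT owned by user $2.
# Empty output means the chown from step 6 still holds. find's exit status is
# passed through so an unknown user or unreadable tree is not read as "clean".
list_foreign_files() {
    find "$1" ! -user "$2" -print
}

# Read "user command" lines (the format of `ps -e -o user= -o comm=`) on stdin
# and print each distinct account, other than $1, that runs a splunkd process.
unexpected_splunkd_users() {
    awk -v want="$1" '$2 == "splunkd" && $1 != want { print $1 }' | sort -u
}

# Run both checks against the live system; returns 0 (pass), 1 (fail), 2 (error).
audit_install() {
    rc=0
    if ! foreign=$(list_foreign_files "$SPLUNK_HOME" "$SPLUNK_USER"); then
        echo "ERROR: could not check ownership of $SPLUNK_HOME for $SPLUNK_USER" >&2
        return 2
    fi
    if [ -n "$foreign" ]; then
        echo "FAIL: paths under $SPLUNK_HOME not owned by $SPLUNK_USER (first 10):"
        printf '%s\n' "$foreign" | head -n 10
        rc=1
    fi
    bad=$(ps -e -o user= -o comm= | unexpected_splunkd_users "$SPLUNK_USER")
    if [ -n "$bad" ]; then
        echo "FAIL: splunkd is running as: $bad (expected $SPLUNK_USER)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: ownership and run-as account match $SPLUNK_USER"
    return "$rc"
}

# Run the audit only when asked, e.g.: sudo sh splunk_audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_install
fi
```

A root-owned file under `/opt/splunk` usually means the service was started as root at some point; re-running the chown from step 6 and restarting as the splunk user clears it.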

Congratulations! You have successfully deployed Splunk Enterprise on a standalone Linux server. Installing Splunk Enterprise can now be checked off your learning to-do list. We encourage you to continue getting as much hands-on experience as you can.