Splunk is a powerful log analysis tool used for searching, monitoring, and analyzing machine-generated big data from a web browser. It helps you simplify log data from servers and networking devices into a simple format that you can easily read and digest. Splunk supports all major operating systems including Windows, Linux, and Mac OS. It is easily scalable, fully integrated, and supports both local and remote data sources.
In this tutorial, we will show you how to install Splunk Log Analyzer Tool on Ubuntu 20.04.
Prerequisites
- A fresh Ubuntu 20.04 VPS on the Atlantic.net Cloud Platform
- A root password configured on your server
Step 1 – Create Atlantic.Net Cloud Server
First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing Ubuntu 20.04 as the operating system with at least 1GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.
Once you are logged in to your Ubuntu 20.04 server, run the following command to update your base system with the latest available packages.
apt-get update -y
Step 2 – Install Splunk
First, you must download Splunk onto the Ubuntu server.
- Log in to the Splunk website to download the latest version of the Splunk package.
- Click on the “Free Splunk” logo on their website.
- Complete the brief registration form to create an account.
- Once the download is complete, use your favorite FTP client to transfer the file to the server.
Note – If you are not sure how to use FTP, please visit either of these guides:
Once the download is completed, install the downloaded file with the following command:
dpkg -i splunk-8.0.5-a1a6394cc5ae-linux-2.6-amd64.deb
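The package is copied from your workstation to the server and then installed as root, so it is worth confirming that the file that arrived is the file you downloaded. The following is an added example, not part of the original tutorial or of Splunk's tooling: it compares the package's SHA-256 digest with a value you recorded on the download machine and only then runs dpkg. The function names `verify_deb` and `install_verified` are hypothetical, and the digest in the usage comment is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: integrity check for the transferred Splunk package before
# it is handed to dpkg as root. Function names are hypothetical.

# verify_deb FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on bad input (missing file or
# a value that is not a well-formed SHA-256 digest).
verify_deb() {
    local file expected actual
    file=$1
    # Digests are often pasted in uppercase; normalise before comparing.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -f "$file" ]; then
        echo "verify_deb: $file not found" >&2
        return 2
    fi
    # A SHA-256 digest is exactly 64 hex characters. Rejecting anything else
    # catches a truncated paste or an MD5/SHA-1 value supplied by mistake.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "verify_deb: expected value is not a SHA-256 digest" >&2
        return 2
    fi

    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "verify_deb: MISMATCH for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    echo "verify_deb: OK $file"
}

# install_verified FILE EXPECTED_SHA256
# Runs dpkg only when the digest check succeeds.
install_verified() {
    verify_deb "$1" "$2" && dpkg -i "$1"
}

# Usage on the server (replace the placeholder with the digest you recorded
# with sha256sum on the machine where the package was downloaded):
#   install_verified splunk-8.0.5-a1a6394cc5ae-linux-2.6-amd64.deb <sha256-recorded-at-download>
```

A return code of 1 means the file changed between download and install; do not install it, and transfer the package again.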
Once the installation is completed, enable the Splunk service at system boot with the following command:
/opt/splunk/bin/splunk enable boot-start
You will need to accept the license agreement as shown below:
"Personnel" means any employee, consultant, contractor, or subcontractor of Splunk.
"Splunk Preexisting IP" means, with respect to any C&I Services Materials, all associated Splunk Technology and all Intellectual Property Rights created or acquired: (a) prior to the date of the Statement of Work that includes such C&I Services Materials, or (b) after the date of such Statement of Work but independently of the C&I Services provided under such Statement of Work.
"Statement of Work" means the statements of work and/or any all applicable Orders that describe the specific services to be performed by Splunk, including any materials and deliverables to be delivered by Splunk.
SPLUNK GENERAL TERMS (v1.2020)
Do you agree with this license? [y/n]: y
Type y and hit Enter to continue. You will be asked to create an administrative account and set a password as shown below:
This appears to be your first time running this version of Splunk.
Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.
Please enter an administrator username: admin
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:
Type your admin username and password and hit Enter. You should see the following output:
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
.........+++++
..+++++
e is 65537 (0x10001)
writing RSA key
Generating RSA private key, 2048 bit long modulus
.+++++
..................................................................................................................................................+++++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
Step 3 – Start Splunk Service
At this point, Splunk is installed on your system. Now, start the Splunk service with the following command:
service splunk start
You can verify the status of the Splunk service with the following command:
service splunk status
You should get the following output:
At this point, Splunk is started and listening on port 8000.
Step 4 – Access Splunk Web Interface
Now, open your web browser and access the Splunk interface using the URL http://your-server-ip:8000. You should see the Splunk login screen.
Provide your admin username and password and click on the Sign In button. You should see the Splunk dashboard.
Congratulations! You have successfully installed Splunk on Ubuntu 20.04. Splunk is a very useful solution for log processing, collection, and analysis. Monitor your Linux environment with Splunk on your VPS Hosting account from Atlantic.Net.