Install Splunk

Go to www.splunk.com and create an account.

Go to the Splunk Free download page.

Create a directory for the download, or just use your Downloads directory
 (optional: mkdir splunkdownload)

Download the .deb (Debian/Ubuntu) package.


Now install the package with dpkg. Type the start of the filename and press Tab to complete the rest: the version and build hash in the name below are from an older download and will not match the file you have, so do not copy the command literally.

sudo dpkg -i splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb

Next, start Splunk for the first time from the binary directory at /opt/splunk/bin/. The first start asks you to accept the licence and to create the administrator username and password. Choose a strong password: this account has full control of Splunk and will be reachable over the network once port 8000 is opened.

Type:

sudo /opt/splunk/bin/splunk start

Remember the username and password you set.

If sudo /opt/splunk/bin/splunk start then stops with an error instead of starting, the fix on this setup is to add one line to the splunk-launch.conf file.

This file is in /opt/splunk/etc:

sudo gedit splunk-launch.conf

Add this line near the top of the file:

OPTIMISTIC_ABOUT_FILE_LOCKING = 1

then save. This setting tells Splunk to carry on when it cannot obtain file locks (a problem on some shared or network filesystems, such as VM shared folders or NFS). It is a workaround for a lab machine; leave it off on a production indexer, where the locking check is there to stop two instances corrupting the same index.

cd /

then run:

sudo /opt/splunk/bin/splunk start

Go to http://127.0.0.1:8000 in your browser. Note that Splunk Web is plain HTTP by default, which is fine on the loopback address; before you open it to other hosts, enable HTTPS by setting enableSplunkWebSSL = true under [settings] in /opt/splunk/etc/system/local/web.conf and restarting Splunk.

To stop Splunk:

sudo /opt/splunk/bin/splunk stop

Do not do this (it registers Splunk to start automatically at boot, which we do not want for this install):

cd /opt/splunk/bin/

./splunk enable boot-start

If you do run it, it shows the licence agreement: press the Spacebar to page through and type Y to accept, as shown in the installation output.

Finally, start Splunk as before with sudo /opt/splunk/bin/splunk start.

With Splunk running, the Web interface is also reachable from other machines at http://Server-IP:8000/ or http://Server-hostname:8000/, provided port 8000 is open on the server firewall. Open it only to the addresses that need it, and only after the admin password is set and HTTPS is enabled: anyone who can reach that port gets a login prompt for the administrator account.
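The steps above collected into one script, added here as an example (this is not code from the original page or from Splunk). It assumes Splunk is installed to /opt/splunk, that the package is in a download directory such as ~/splunkdownload, and that it is run as root (sudo sh splunk-install.sh run /home/you/splunkdownload), so no sudo is needed inside. The .deb is located by pattern so the build hash never has to be retyped, and the splunk-launch.conf edit is idempotent, so rerunning the script does not stack duplicate lines. The --accept-license flag only skips the licence pager; the admin username and password are still prompted for interactively on the first start.

```sh
#!/bin/sh
# Added example, not from the original page. Assumptions: Splunk lives in
# /opt/splunk, the script runs as root, and the .deb is in the directory
# passed as the second argument ("run <dir>"), defaulting to ~/splunkdownload.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Locate the downloaded .deb without retyping the build hash in its name.
# Fails unless exactly one splunk-*-linux-2.6-amd64.deb is present, so a
# stale second download is never installed by mistake.
find_splunk_deb() {
    dir="$1"
    set -- "$dir"/splunk-*-linux-2.6-amd64.deb
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "expected exactly one splunk-*-linux-2.6-amd64.deb in $dir" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# Set "KEY = VALUE" in a splunk-launch.conf style file. An existing line for
# KEY is replaced in place; otherwise the setting is inserted as the first
# line (the "near the top" of the manual steps). Running it twice changes
# nothing, which is what makes the script safe to rerun.
ensure_launch_setting() {
    file="$1" key="$2" value="$3"
    [ -f "$file" ] || touch "$file"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$file"; then
        sed -i "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$file"
    else
        { printf '%s = %s\n' "$key" "$value"; cat "$file"; } > "$file.tmp" \
            && mv "$file.tmp" "$file"
    fi
}

# Number of lines that define KEY in FILE; used to confirm the edit did not
# create duplicates. Prints 0 (rather than failing) when KEY is absent.
count_setting() {
    grep -c "^[[:space:]]*$2[[:space:]]*=" "$1" || true
}

# Poll Splunk Web until it answers or the timeout (seconds) expires.
# Assumes curl is installed.
wait_for_web() {
    url="$1" timeout="${2:-60}"
    while [ "$timeout" -gt 0 ]; do
        curl -fsS -o /dev/null "$url" 2>/dev/null && return 0
        sleep 2
        timeout=$((timeout - 2))
    done
    echo "Splunk Web did not answer at $url" >&2
    return 1
}

if [ "${1:-}" = "run" ]; then
    deb=$(find_splunk_deb "${2:-$HOME/splunkdownload}") || exit 1
    dpkg -i "$deb"
    ensure_launch_setting "$SPLUNK_HOME/etc/splunk-launch.conf" \
        OPTIMISTIC_ABOUT_FILE_LOCKING 1
    # --accept-license skips the licence pager; the admin username and
    # password are still asked for interactively on the first start.
    "$SPLUNK_HOME/bin/splunk" start --accept-license
    wait_for_web http://127.0.0.1:8000/ && echo "Splunk Web: http://127.0.0.1:8000/"
fi
```

Because the edit is done with a function rather than sudo gedit, the same function can be reused later to turn the file-locking workaround off again (ensure_launch_setting with value 0) once the install is moved to a filesystem with working locks.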


© The Institute of Advanced Cyber Defence 2020.