Applies to platform: Any Linux box
Last updated: 16th October 2012
This lesson shows you how to install Splunk on a dedicated Linux box. Although we used Ubuntu 12.04, this how-to should be valid on other Linux distributions, since we use a .tgz package for the installation.
Requirements
In order to install Splunk, make sure you have:
- A workstation to access the Splunk home page, register, and download the package.
- Acquaintance with the use of the Linux shell.
- Administrative rights on the Linux box on which Splunk will be installed.
Note
Installation and First Start
To download Splunk, it is necessary to go to the Splunk website: From here, select the package splunk-4.3.4-136012-Linux-i686.tgz. If you do not yet have an account, you will be asked to create one; otherwise you can proceed to log in and download the package.
Once the download has finished, copy the TGZ file to your Linux box if necessary, then log in to the box's CLI and go to the directory where you saved the splunk-4.3.4-136012-Linux-i686.tgz package.
Note
You probably need to become root to extract the contents of the package. Do so, then issue the following command:
root@linux:~# tar zxf splunk-4.3.4-136012-Linux-i686.tgz -C /var/opt/
The installation is now done. As root, simply issue the command:
root@linux:~# /var/opt/splunk/bin/splunk start
to start Splunk. If it starts correctly, you will see several informative messages on the console. A successful start of Splunk is shown by the following lines:
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com/Documentation/Splunk
The Splunk web interface is at http://splunk:8000
You can now learn how to access Splunk: jump to the next chapter!
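Because the package is extracted as root into /var/opt/, it is worth vetting the archive first. The following is an added example, not part of the original how-to or of Splunk's own tooling: it checks the file's SHA-256 against a value you obtained from the vendor, refuses archives whose members fall outside the expected top-level directory, and extracts without restoring the ownership recorded in the archive. The function names are hypothetical, and the top-level directory name "splunk" is assumed from the /var/opt/splunk path used above.

```shell
#!/bin/sh
# Added example: vet a downloaded .tgz before extracting it as root.
# Assumption: the expected SHA-256 comes from the vendor's download page;
# no real digest is embedded here.

# sha256_matches FILE EXPECTED_HEX -> exit 0 only if the digest matches.
sha256_matches() {
    actual=$(sha256sum "$1" | awk '{print $1}') || return 2
    [ "$actual" = "$2" ]
}

# flag_unsafe_names TOPDIR: reads member names on stdin and prints those that
# are absolute, contain a ".." component, or do not live under TOPDIR/.
flag_unsafe_names() {
    awk -v top="$1" '
        /^\// { print; next }
        /(^|\/)\.\.(\/|$)/ { print; next }
        $0 != top && index($0, top "/") != 1 { print }
    '
}

# unsafe_members FILE TOPDIR -> prints suspicious members of the archive.
unsafe_members() {
    tar tzf "$1" | flag_unsafe_names "$2"
}

# safe_extract FILE EXPECTED_HEX TOPDIR DEST
# Extracts only when the checksum matches and every member is under TOPDIR/.
safe_extract() {
    sha256_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    bad=$(unsafe_members "$1" "$3")
    if [ -n "$bad" ]; then
        echo "refusing to extract, unexpected members:" >&2
        echo "$bad" >&2
        return 1
    fi
    # --no-same-owner: files end up owned by the extracting user instead of
    # whatever UID/GID the archive records (tar's default when run as root).
    tar zxf "$1" -C "$4" --no-same-owner
}

# Usage (the digest is a placeholder to be replaced with the published value):
#   safe_extract splunk-4.3.4-136012-Linux-i686.tgz <published-sha256> splunk /var/opt/
```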
Access to Splunk's Web GUI
You can now access Splunk's graphical web interface by launching a browser and opening the URL
http://localhost:8000
where the first welcome screen greets you:
As soon as you log in, you will need to promptly change your password. You can then access the dashboard:
You are now ready to start playing with Splunk!
Automatically start Splunk at boot
Here we show how to configure Splunk to automatically start at boot:
root@linux:~# /var/opt/splunk/bin/splunk enable boot-start
This command will create appropriate links in the various /etc/rcX.d directories. It completes successfully with the following lines:
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
Make sure that the file /var/opt/splunk/etc/splunk-launch.conf contains the line:
SPLUNK_HOME=/var/opt/splunk
In other words, set the SPLUNK_HOME variable to the directory in which Splunk is installed.
Very good