Applies to platform: Any Linux box
Last updated: 16th October 2012
This lesson shows you how to install Splunk on a dedicated Linux box. Though we used an Ubuntu 12.04 as Linux box, this how-to should be valid on other Linux boxes, since we use a .tgz package for the installation.
In order to install Splunk, make sure you have:
- A workstation to access the Splunk home page, register, and download the package.
- Acquaintance with the use of the Linux shell.
- Administrative rights on the Linux Box on which Splunk will be installed.
Installation and First Start
To download Splunk, it is necessary to go to the Splunk website: From here, select the package splunk-4.3.4-136012-Linux-i686.tgz. If you do not yet have an account, you will be asked to create one, otherwise you can proceed to login and download the package.
Once the download has finished, copy the TGZ file to your Linux box if necessary, then log in to the box's CLI and go to the directory where you saved the splunk-4.3.4-136012-Linux-i686.tgz package.
You probably need to become root for extracting the content of the package. Do so, then issue the following command:
root@linux:~# tar zxf splunk-4.3.4-136012-Linux-i686.tgz -C /var/opt/
You are now done. Simply issue as root the command:
root@linux:~# /var/opt/splunk/bin/splunk start
to start Splunk: If it started correctly, you will see on the console several informative messages. The successful start of Splunk is shown by the following lines:
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com/Documentation/Splunk
The Splunk web interface is at http://splunk:8000
You can now learn how to access Splunk: jump to the next chapter!
Access to splunk's Web GUI
You can now access the Web graphic interface of Splunk by launching a browser and open the URL
where the first welcome screen greets you:
As soon as you log in, you will need to promptly change your password, then you can access the dashboard:
You are now ready to start playing with Splunk!
Automatically start splunk at boot
Here we show how to configure Splunk to automatically start at boot:
root@linux:~# /var/opt/splunk/bin/splunk enable boot-start
This command will create appropriate links in the various /etc/rcX.d directories. It completes successfully with the following lines:
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
Make sure that the file /var/opt/splunk/etc/splunk-launch.conf contains the line:
In other words, set the SPLUNK_HOME variable to the directory in which Splunk is installed in.