Install Splunk Enterprise on Ubuntu Desktop

12/9/2024

Pre-requisites:

The latest Ubuntu OS running in a VM such as VirtualBox or VMware. I am using VirtualBox for this blog. You also need an SSH client to remote into the virtual machine instance, such as PuTTY or KiTTY.

Configure VM network adapter and install openssh:

Configure the Ubuntu instance's network adapter as a bridged adapter.

Install openssh-server, because you need to remote into the VM to install Splunk:

apt-get install ssh

Start the SSH service:

service ssh start

Then SSH into your VM using PuTTY.

Download and install splunk enterprise:

Download Splunk Enterprise from the official site

Run the wget command from the download link:

wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb&wget=true'

Install the package with dpkg; the .deb unpacks Splunk under /opt/splunk on its own, so no target directory is passed to dpkg:

dpkg -i splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb

Start splunk enterprise:

/opt/splunk/bin/splunk start --accept-license

Enter a new admin password, since this is the first time you are starting it.

After a successful Splunk install, go to the Ubuntu VM and open your favorite browser.

Log in to Splunk

http://localhost:8000

Log in with the username admin and the password you set up during the installation.

Get data into Splunk

Go to Settings, then click on Data Inputs

Go to Files & Directories

Click on New Local File & Directory

Fill in the file path for the logs you want ingested into Splunk into the File or Directory field.

Or, if you are not sure, use the Browse button to select one of the default source locations.

Follow the prompts to the end. After a few minutes Splunk will start populating events.
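The same install and data-input steps, scripted as an added example (not from the original post) so the admin password and the first monitored log file are in place before Splunk's first start, with no console prompt and no clicking through the web UI. Assumed, not from the post: the .deb sits in the current directory, the script runs as root like the post's commands, and SPLUNK_HOME can be overridden (used here so the config-writing functions can be tested on a scratch directory).

```shell
#!/bin/sh
# Added example, not from the original post: scripts the steps above so the
# admin password and the first log source are in place before Splunk's first
# start, instead of the console prompt and the web UI. Assumed, not from the
# post: the .deb is in the current directory, the script runs as root like the
# post's commands, and SPLUNK_HOME can be overridden (used here for testing).
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_DEB="${SPLUNK_DEB:-splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb}"

# The .deb unpacks itself under /opt/splunk, so dpkg -i takes only the package;
# a trailing "/opt" would be read as a second, invalid package argument.
install_splunk_deb() {
    [ -f "$1" ] || { echo "package not found: $1" >&2; return 1; }
    dpkg -i "$1"
}

# Seed the admin credentials: Splunk reads etc/system/local/user-seed.conf at
# first start to create the admin user, so no password prompt appears. The file
# holds the password in clear text: keep it root-only and delete it afterwards.
seed_admin_password() {
    home="$1"; pass="$2"
    [ "${#pass}" -ge 8 ] || { echo "password must be >= 8 characters" >&2; return 1; }
    mkdir -p "$home/etc/system/local"
    ( umask 077
      printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$pass" \
          > "$home/etc/system/local/user-seed.conf" )
}

# Config-file equivalent of Settings > Data Inputs > Files & Directories: a
# monitor stanza in inputs.conf (sourcetype left to Splunk's auto-detection).
add_monitor_input() {
    home="$1"; path="$2"; idx="${3:-main}"
    mkdir -p "$home/etc/system/local"
    printf '[monitor://%s]\ndisabled = false\nindex = %s\n' "$path" "$idx" \
        >> "$home/etc/system/local/inputs.conf"
}

# First start with the license accepted and all prompts suppressed.
start_splunk() {
    "$1/bin/splunk" start --accept-license --answer-yes --no-prompt
}
run_all() {
    install_splunk_deb "$SPLUNK_DEB"
    seed_admin_password "$SPLUNK_HOME" "$SPLUNK_ADMIN_PASSWORD"
    add_monitor_input "$SPLUNK_HOME" /var/log/auth.log
    start_splunk "$SPLUNK_HOME"
}

# Runs end to end only when an admin password is supplied in the environment.
if [ -n "$SPLUNK_ADMIN_PASSWORD" ]; then run_all; fi
```

Run it as SPLUNK_ADMIN_PASSWORD='...' sh install-splunk.sh; after the first start the web UI at http://localhost:8000 accepts that password and already shows /var/log/auth.log under Data Inputs.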

Congratulations, you have a Splunk Server running!!