Install Splunk Enterprise on Ubuntu Desktop

Pre-requisites:

The latest Ubuntu OS running in a VM such as VirtualBox or VMware. I am using VirtualBox for this blog. You also need an SSH client, such as PuTTY or KiTTY, to remote into the virtual machine instance.

Configure VM network adapter and install openssh:

Configure the Ubuntu instance network as a bridged adapter.
Install openssh-server, because you need to remote into the VM to install Splunk:

apt-get install ssh
Start the SSH service:
service ssh start

Then SSH into your VM using PuTTY.

Download and install Splunk Enterprise:

Download Splunk Enterprise from the official site
Run the wget command from the download link:

wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb&wget=true'
Install the package; it unpacks into /opt/splunk, so dpkg takes no target directory:
dpkg -i splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb
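
Before running dpkg on a package fetched with wget, it is worth checking the file against a published digest. The script below is an added example, not part of the original post: it assumes you have a SHA-256 or SHA-512 hex digest for the .deb from the vendor, and the function names and the digest placeholder are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to install a .deb
# unless its digest matches the value published by the vendor.

# verify_digest FILE EXPECTED_HEX
#   returns 0 on match, 1 on mismatch, 2 on unusable input
verify_digest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Reject anything that is not pure hex, e.g. an unreplaced placeholder.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    # Pick the hash tool from the digest length (64 hex = SHA-256, 128 = SHA-512).
    case ${#expected} in
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "unsupported digest length: ${#expected}" >&2; return 2 ;;
    esac
    actual=$("$tool" < "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# install_verified_deb FILE EXPECTED_HEX: dpkg runs only after a match.
install_verified_deb() {
    verify_digest "$1" "$2" && dpkg -i "$1"
}

# Usage (placeholder digest; take the real one from the vendor's download page):
#   sh install_verified.sh splunk-7.1.2-a0c72a66db66-linux-2.6-amd64.deb '<PUBLISHED_DIGEST>'
if [ "$#" -eq 2 ]; then
    install_verified_deb "$1" "$2"
fi
```

A mismatch or a malformed digest stops the script before dpkg is ever invoked, so a truncated or tampered download is never installed.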

Start Splunk Enterprise:

/opt/splunk/bin/splunk start --accept-license
Enter a new password, since it's the first time you are using it.

After a successful Splunk install, go to the Ubuntu VM and open your favorite browser.

Log in to Splunk

http://localhost:8000
Log in with username admin and the password you set up during the installation.

Get data into Splunk

Go to Settings then click on Data Inputs
Go to Files & Directories

Click on New Local File & Directory
In the File or Directory field, fill in the path of the logs you want ingested into Splunk.
Or, if you are not sure, use the Browse button to select default source locations.

Follow the prompts to the end. After a few minutes Splunk will start populating events.

Congratulations, you have a Splunk Server running!!