In this article, we explain the steps needed to install and configure Splunk on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
Splunk is a powerful log analyzer that can be deployed in your IT infrastructure to gain insights into your IT assets. It is one of the most powerful tools for analyzing, exploring and searching data. It is one of the easiest ways to index, search, collect and visualize massive data streams in real time from applications, web servers, databases, server platforms, cloud networks and many more.
Splunk comprises 3 main components:
- Splunk Forwarder: It is used for collecting the logs.
- Splunk Indexer: It is used for parsing and indexing the data.
- Splunk Search Head: Provides a web interface for searching, analyzing and reporting.
Install Splunk on Ubuntu 20.04
Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
sudo apt update
sudo apt upgrade
Step 2. Download and install Splunk on the Ubuntu system.
Create an account and download the Splunk Enterprise software from the official Splunk website:
wget -O splunk-220.127.116.11-7651b7244cf2-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=18.104.22.168&product=splunk&filename=splunk-22.214.171.124-7651b7244cf2-linux-2.6-amd64.deb&wget=true'
Once the download is completed, install the downloaded file using the following command:
sudo dpkg -i splunk-220.127.116.11-7651b7244cf2-linux-2.6-amd64.deb
Now enable Splunk to always start when the server boots:
sudo /opt/splunk/bin/splunk enable boot-start
Here, you will need to agree to the license agreement and provide an admin password. Accept the software license by typing Y.
Next, start the Splunk service using the following command:
sudo systemctl start splunk
To verify that Splunk is indeed running, run:
systemctl status splunk
Step 3. Accessing Splunk Web Interface.
Now you can access your Splunk Web interface at http://Server-hostname:8000. Make sure port 8000 is open in your server firewall.
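As an added example (not part of the original tutorial, and not Splunk's own tooling), the script below gates the dpkg -i from Step 2 on a SHA-512 check of the downloaded package. It assumes you have obtained the expected digest separately from the vendor; the function names and the script name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: gate "dpkg -i" on a SHA-512 check of the downloaded package.
# Function names and the script name are hypothetical; the expected digest is
# assumed to come from the vendor, obtained separately from the download itself.

# Print the lowercase hex SHA-512 digest of a file.
sha512_of() {
    sha512sum -- "$1" | awk '{print $1}'
}

# Return 0 on match, 1 on mismatch, 2 on unusable input.
verify_pkg() {
    local file expected actual
    file=$1
    # Normalise case so digests copied in upper case still compare equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-512 digest is exactly 128 hex characters; reject anything else
    # so a truncated or empty value can never be treated as a match.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "malformed digest" >&2; return 2; }
    actual=$(sha512_of "$file") || return 2
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $file" >&2
    return 1
}

# Install only when verification succeeds.
install_verified() {
    verify_pkg "$1" "$2" && sudo dpkg -i "$1"
}

# Usage: ./install-verified.sh <package.deb> <expected-sha512>
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

A non-zero exit means the package was not passed to dpkg: status 1 is a digest mismatch, status 2 is a missing file or a malformed digest.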
That’s all you need to do to install Splunk on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.