How to Install Splunk on Ubuntu 20.04

Install Splunk on Ubuntu 20.04

In this article, we will have explained the necessary steps to install and configure Splunk on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Splunk is a powerful log analyzer that can be deployed in your IT infrastructure to gain insights into your IT assets. It is one of the most powerful tools for analyzing, exploring and searching data. It is one of the easiest way to index, search, collect and visualize massive data streams in real-time from the application, web servers, databases, server platforms, Cloud-networks and many more.

Splunk comprises 3 main components:

  1. Splunk Forwarder: It is used for collecting the logs.
  2. Splunk Indexer: It is used for Parsing and Indexing the data.
  3. Splunk Search Head: Provides a web interface for searching, analyzing and reporting.

Install Splunk on Ubuntu 20.04

Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.

sudo apt update
sudo apt upgrade

Step 2. Download and Install Splunk on Ubuntu system.

Create account and download Splunk Enterprise Software from Splunk official website:

wget -O splunk- ''

Once the download is completed, install the downloaded file using the following command:

sudo dpkg -i splunk-

Finally, We shall enable Splunk to always start when the server starts:

sudo /opt/splunk/bin/splunk enable boot-start

Here, you will need to agree to the License Agreement and provide admin password, Accept the Software license by typing Y.

Next, start Splunk service using the following command:

sudo systemctl start splunk

To verify that Splunk is indeed running, run:

systemctl status splunk

Step 3. Accessing Splunk Web Interface.

Now you can access your Splunk Web interface at http://Your-Server-IP-Address:8000/ or http://Server-hostname:8000. You need to make sure this port 8000 is open on your server firewall.

That’s all you need to do to install Splunk on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.