Installing Splunk

Splunk is a software platform for monitoring, searching, analysing and visualising any type of machine-generated data. The data can be structured or unstructured, and once it has been indexed you can start to visualise it.

In this first blog post we will install a single instance of Splunk on CentOS 7.

1. Because we are installing in a non-production environment, we can disable the firewall:
systemctl stop firewalld
systemctl disable firewalld
2. Create the Splunk user:
sudo useradd splunk
3. Extract the Splunk .tgz file into /opt/:
sudo tar -xvf /tmp/splunk-7.3.1-bd63e13aa157-Linux-x86_64.tgz -C /opt/
4. Change ownership of the Splunk directory to the Splunk user:
sudo chown -R splunk:splunk /opt/splunk/
5. Start Splunk as the Splunk user:
sudo su splunk
/opt/splunk/bin/splunk start --accept-license
6. On first start you will be prompted to create an administrator account and set the password you will use to log in to Splunk.
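The six steps above, collected into one lab install script. This is an added example, not Splunk's installer or a script from the original post: it assumes the tarball path from step 3, a root shell on CentOS 7 (GNU coreutils, systemd), and it adds a SHA-256 check of the download, where EXPECTED_SHA256 is a placeholder to be replaced with the checksum published for the release, and a check that Splunk Web answers on its default port 8000. The helper functions can be sourced and exercised without root; the install itself only runs when the script is invoked with --run.

```shell
#!/bin/bash
# Added example: single-instance Splunk lab install on CentOS 7, following the
# six steps in the post. Not Splunk's own installer. TARBALL, EXPECTED_SHA256
# and the port-8000 check are assumptions of this example.
set -eu

TARBALL="${TARBALL:-/tmp/splunk-7.3.1-bd63e13aa157-Linux-x86_64.tgz}"
SPLUNK_HOME="/opt/splunk"
SPLUNK_USER="splunk"
# Placeholder: replace with the SHA-256 published for the release you downloaded.
EXPECTED_SHA256="${EXPECTED_SHA256:-REPLACE_WITH_PUBLISHED_SHA256}"

# Pull the version (e.g. 7.3.1) out of a Splunk tarball filename; prints nothing
# if the name does not look like a Splunk release archive.
tarball_version() {
  basename "$1" | sed -n 's/^splunk-\([0-9][0-9.]*\)-.*\.tgz$/\1/p'
}

# True if the named local account exists.
user_exists() {
  id -u "$1" >/dev/null 2>&1
}

# Step 1 (non-production lab only, as in the post): stop and disable firewalld.
disable_firewall() {
  systemctl stop firewalld
  systemctl disable firewalld
}

# Step 2: create the splunk user if it is missing (safe to re-run).
create_user() {
  user_exists "$SPLUNK_USER" || useradd "$SPLUNK_USER"
}

# Verify the download before extracting it; a missing file or bad checksum aborts.
verify_tarball() {
  [ -f "$TARBALL" ] || { echo "tarball not found: $TARBALL" >&2; return 1; }
  echo "$EXPECTED_SHA256  $TARBALL" | sha256sum -c --quiet -
}

# Steps 3 and 4: extract into /opt/ and hand the whole tree to the splunk user.
extract_and_chown() {
  tar -xzf "$TARBALL" -C /opt/
  chown -R "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME"
}

# Steps 5 and 6: start as the splunk user; the first start prompts for the
# administrator account and password.
start_splunk() {
  su - "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk start --accept-license"
}

# Post-install check: Splunk Web should answer on its default port 8000.
check_web() {
  curl -fsS -o /dev/null "http://127.0.0.1:8000/"
}

install_splunk() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
  echo "installing Splunk $(tarball_version "$TARBALL")"
  disable_firewall
  create_user
  verify_tarball
  extract_and_chown
  start_splunk
  check_web && echo "Splunk Web is up on port 8000"
}

# Only perform the install when asked to, so the functions above can be
# sourced and checked on any machine.
if [ "${1:-}" = "--run" ]; then
  install_splunk
fi
```

Run it as root with `./install-splunk.sh --run` after exporting EXPECTED_SHA256; the checksum step is what stops a corrupted or swapped download from ending up under /opt/splunk, and the final curl confirms the instance is actually serving before you move on to getting data in.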


That's all there is to it: you now have a fully running Splunk instance.


We can now start getting data in.
