Install Splunk on Ubuntu

Splunk offers installation instructions for Debian, Red Hat and a generic tar file. There are no instructions specific to Ubuntu. Here is a quick way to install Splunk on Ubuntu 14:

1. Download the Debian (.deb) package of Splunk that matches your system (32-bit or 64-bit). If you are not sure whether your Ubuntu system is 32-bit or 64-bit, use the following command to find out:

uname -a

The output should be something similar to:

Linux UBUNTU02 4.4.0-78-generic #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

x86_64 indicates a 64-bit version.

If the installation or upgrade is done from a terminal, you can get the right wget download link from Splunk's download page (follow the instructions for downloading a Linux version). It should look something like this:

wget -O splunk-7.2.5.1-962d9a8e1586-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.5.1&product=splunk&filename=splunk-7.2.5.1-962d9a8e1586-linux-2.6-amd64.deb&wget=true'

Once the right version of Splunk is downloaded, run the following command:

sudo dpkg -i Downloads/splunk-6.6.1-aeae3fe0c5af-linux-2.6-amd64.deb

This assumes that Splunk was downloaded to your personal Downloads folder on Ubuntu. If not, update the path and file name to match the package you actually downloaded.

Once the installation is finished, start Splunk using:

sudo /opt/splunk/bin/splunk start

Access Splunk at the default http://localhost:8000 with user admin and password "changeme". Change this default password on your first login.

An upgrade to the latest version is done in the same way; the host IP and login credentials stay the same as in the original installation. When the dpkg command is issued, the Splunk installer detects that it is an upgrade, shuts Splunk down and installs the new version. However, it will not restart Splunk, because it needs confirmation of the licensing agreement. To finish the upgrade, start Splunk manually (cd to the Splunk bin folder and run ./splunk start). You will have to confirm the licensing agreement, and then Splunk will run the steps needed to finish the upgrade.
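The steps above (architecture check, wget download, dpkg install or upgrade, first start with the license accepted) collected into one re-runnable script. This is an added example, not code from the original post or from Splunk. The version and build hash are taken from the post's wget link; the SPLUNK_SHA512 and SPLUNK_ADMIN_PASSWORD variables are invented here, and the checksum is assumed to be copied by hand from the value Splunk publishes beside the download. The splunk start, edit user and enable boot-start options are Splunk CLI commands not shown in the post.

```sh
#!/bin/sh
# Added example, not code from the original post. Wraps the post's steps in
# functions so the same script serves a fresh install and a later upgrade.
# Assumptions: version/build come from the post's wget link; SPLUNK_SHA512 and
# SPLUNK_ADMIN_PASSWORD are environment variables this script invents.
set -eu

SPLUNK_VERSION="${SPLUNK_VERSION:-7.2.5.1}"
SPLUNK_BUILD="${SPLUNK_BUILD:-962d9a8e1586}"
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Map `uname -m` output to the architecture suffix in Splunk's .deb file name
# (x86_64 -> amd64, as the post's example shows). Anything else is rejected.
splunk_deb_arch() {
  case "$1" in
    x86_64) echo amd64 ;;
    i386 | i486 | i586 | i686) echo i386 ;;
    *) echo "no Splunk .deb for architecture '$1'" >&2; return 1 ;;
  esac
}

# Package file name in the layout the post's wget link uses.
splunk_deb_name() {
  printf 'splunk-%s-%s-linux-2.6-%s.deb\n' "$SPLUNK_VERSION" "$SPLUNK_BUILD" "$1"
}

# The DownloadActivityServlet link from the post, for the 64-bit package only;
# for other architectures copy the link from Splunk's download page.
splunk_download_url() {
  if [ "$1" != amd64 ]; then
    echo "copy the wget link for '$1' from Splunk's download page" >&2
    return 1
  fi
  printf 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=%s&product=splunk&filename=%s&wget=true\n' \
    "$SPLUNK_VERSION" "$(splunk_deb_name "$1")"
}

# Compare a file's SHA-512 with the value published beside the download.
# Installing a package as root without checking it is the step worth guarding.
verify_sha512() {
  actual=$(sha512sum "$1" | cut -d ' ' -f 1)
  if [ "$actual" = "$2" ]; then
    return 0
  fi
  echo "SHA-512 mismatch for $1: refusing to install" >&2
  return 1
}

# Download, verify, install (dpkg handles both fresh install and upgrade),
# then start once with the license accepted, which is the manual step the
# post describes after an upgrade.
splunk_install() {
  if [ -z "${SPLUNK_SHA512:-}" ]; then
    echo "set SPLUNK_SHA512 to the checksum shown on Splunk's download page" >&2
    return 1
  fi
  arch=$(splunk_deb_arch "$(uname -m)")
  deb=$(splunk_deb_name "$arch")
  url=$(splunk_download_url "$arch")
  wget -O "$deb" "$url"
  verify_sha512 "$deb" "$SPLUNK_SHA512"
  sudo dpkg -i "$deb"
  sudo "$SPLUNK_HOME/bin/splunk" start --accept-license --answer-yes --no-prompt
  # On a fresh install the post's default "changeme" password is live; replace
  # it right away. Leave SPLUNK_ADMIN_PASSWORD unset on an upgrade, where the
  # existing credentials still apply and this step would fail.
  if [ -n "${SPLUNK_ADMIN_PASSWORD:-}" ]; then
    sudo "$SPLUNK_HOME/bin/splunk" edit user admin \
      -password "$SPLUNK_ADMIN_PASSWORD" -auth admin:changeme
  fi
  sudo "$SPLUNK_HOME/bin/splunk" enable boot-start
}

# Only act when invoked as: sh install-splunk.sh install
case "${1:-}" in
  install) splunk_install ;;
esac
```

Run it as `SPLUNK_SHA512=<checksum from the download page> SPLUNK_ADMIN_PASSWORD=<new password> sh install-splunk.sh install`. The checksum check is the one thing the post's bare `wget | dpkg -i` sequence lacks: dpkg runs package scripts as root, so a download that does not match the published digest should never reach it. Note that a password passed on the command line is visible to other local users in the process list for the moment the command runs; on a shared machine set it interactively from the web UI instead.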
