Category Archives: Linux

Installing and Running Splunk on CentOS 6.4

To be able to download the Splunk RPM you will need to create a free Splunk account to do this go to the following Web Site and signup:

https://www.splunk.com/page/sign_up

Once you have Signed up and logged in you will be able to download Splunk for a multitude of operating Systems for this tutorial we will be using the latest Linux 2.6+ Kernel version for CentOS:

image

If you would like to check what Kernel version you are currently running you can run uname –a at a shell prompt and this will tell you the current version as you can see from the following screenshot our copy of CentOS 6.4 is running kernel version 2.6.32

Click the link for the RPM version as we are using a Red hat derivative, and on the following page you can select the wget link to download the RPM directly from your Linux machine:

image

This will open a new window with the full wget command to download the RPM so make sure you are in a directory with enough space to store the rpm such as /tmp, once you press return wget will download the Splunk RPM into your current directory ready for installation.

Once the download has completed to install Splunk simply enter rpm –ivh splunk.*.rpm [Replace .* with the current version you downloaded]

Once the installation ahs been completed you will see a several importnat things to note:

  1. Splunk was installed into /opt/splunk – program files will be found in this directory
  2. To start he application /opt/splunk/bin/splunk start
  3. To control the application the website will be running on port 8000 on your server http://<yourserver FQDN>:8000

So firstly we need to start the application running so from a shell prompt /opt/splunk/bin/splunk start

You will then be prompted with the EULA you should read through this and scroll to the bottom and enter Y if you agree to the EULA

At this point Splunk will recognise this is the first time running the application and will run a file check, ensure nothing is listening on the TCP ports that it requires for its operation, it will set itself up to auto start with the machine and finally start the application listening.

Now open a web browser and marvel in amazement how easy your deployment of such a great tool was, you will need to change the admin credentials.

Once you have changed the password you are ready to go