
How To Install Splunk on Linux: A Step-by-Step Guide

How to install Splunk on your Linux distribution by bitsIO

Splunk is a powerful and widely used software platform that allows organizations to index, search, and analyze massive amounts of data. In its latest version 9.0.4.1, Splunk has strengthened its functionality by including performance improvements, such as faster search times and reduced memory usage, enabling users to analyze and visualize their data more efficiently.

With the introduction of SmartStore Tiering in Splunk 9.0.4.1, users can now store cold data more cost-effectively on cloud-based object stores, freeing up local storage for frequently accessed data.

Splunk 9.0.4.1 also includes several new features and enhancements, such as improved event categorization and expanded support for AWS services, providing users with more powerful tools to manage and analyze their data.

Splunk can be installed on various operating systems, including Linux, which is a popular choice among system administrators.

In this article, we will guide you through the steps to install Splunk on a Linux machine. So let’s get started.

Installing Splunk on Linux

Without any further ado, let us get straight into the download and installation of Splunk. Here are the primary steps you need to follow to install Splunk on Linux.

Check the System Configuration

Before you begin, you should ensure that your Linux machine meets the minimum system requirements for running Splunk. 

You will need a 64-bit operating system, at least 4 GB of RAM, and a dual-core CPU. Additionally, you will need enough disk space to store the data you want to index and search.
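As an added example (not part of the bitsIO article), the script below checks a host against the requirements just listed before you install anything. The 20 GB free-disk threshold and the /opt install root are our own assumptions; adjust them to the volume of data you intend to index.

```shell
#!/bin/sh
# Added example, not from the bitsIO article: checks a host against the
# requirements listed above (64-bit OS, 4 GB RAM, dual-core CPU, disk space).
# The 20 GB disk figure and the /opt install root are constructed assumptions.
MIN_RAM_KB=$((4 * 1024 * 1024))
MIN_CORES=2
MIN_DISK_KB=$((20 * 1024 * 1024))

# The checks take their input as an argument so they can be exercised
# without touching the host. Each returns 0 on pass and 1 on fail.
arch_ok() {
    case "$1" in
        x86_64|amd64|aarch64|arm64) return 0;;   # 64-bit architectures
        *) return 1;;
    esac
}
ram_ok()   { [ "$1" -ge "$MIN_RAM_KB" ]; }
cores_ok() { [ "$1" -ge "$MIN_CORES" ]; }
disk_ok()  { [ "$1" -ge "$MIN_DISK_KB" ]; }

# Reads the live values, prints one line per failed requirement and returns
# the failure count, so "preflight || exit 1" blocks an install on a weak host.
preflight() {
    root="${1:-/opt}"
    fails=0
    arch=$(uname -m)
    ram_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    cores=$(nproc 2>/dev/null || getconf _NPROCESSORS_ONLN)
    disk_kb=$(df -Pk "$root" | awk 'NR == 2 {print $4}')
    arch_ok "$arch"    || { echo "FAIL: $arch is not a supported 64-bit architecture"; fails=$((fails + 1)); }
    ram_ok "$ram_kb"   || { echo "FAIL: ${ram_kb} kB of RAM is below 4 GB"; fails=$((fails + 1)); }
    cores_ok "$cores"  || { echo "FAIL: $cores CPU core(s), need at least 2"; fails=$((fails + 1)); }
    disk_ok "$disk_kb" || { echo "FAIL: ${disk_kb} kB free under $root is below 20 GB"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: host meets the minimum Splunk requirements"
    return "$fails"
}
```

Run `preflight /opt` (or whatever directory Splunk will live in) before the download step and stop if it returns non-zero.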

Download the Splunk Installation Package

Splunk Landing Page

To install Splunk on Linux, you will need to download the appropriate installation package from the official Splunk website. You can download the package from the following link: https://www.splunk.com/en_us/download/splunk-enterprise.html.

Once you have downloaded the package, you should move it to a directory on your Linux machine where you have write permissions.

How to Install Splunk for the First Time

To install the Splunk package on an RPM-based distribution, you will need root privileges. Open a terminal window and navigate to the directory where you saved the installation package. Then, enter the following command:

sudo rpm -i splunk-<version>-linux-<architecture>.rpm

Replace <version> and <architecture> with the appropriate values for your installation package. This will start the installation process, which may take a few minutes to complete.

1. Configure Splunk

Once the installation is complete, you can configure Splunk to suit your needs. By default, Splunk Web listens on port 8000, so you can access it by opening a web browser and navigating to http://<your-server>:8000.

You will be prompted to set up a Splunk admin account, which you can use to log in to the Splunk web interface. Once you have logged in, you can configure Splunk to index and search the data you want to analyze.

2. Start Splunk

To start Splunk on Linux, you will need to run the following command: 

sudo /opt/splunk/bin/splunk start

This will start the Splunk service, which will begin indexing and searching the data you have configured it to analyze. You can monitor the status of the service by running the following command:

sudo /opt/splunk/bin/splunk status

This will display information about the current status of the Splunk service, including whether it is running or stopped.

3. Stop Splunk

If you need to stop the Splunk service for whatever reason, you can do so by running the following command:

sudo /opt/splunk/bin/splunk stop

This will stop the Splunk service and prevent it from indexing or searching for any new data until you start it again.

4. Upgrade Splunk

To upgrade Splunk on Linux, you will need to download the latest version of the installation package from the official Splunk website. 

Once you have downloaded the package, you can upgrade Splunk by running the following command:

sudo rpm -Uvh splunk-<version>-linux-<architecture>.rpm

Replace <version> and <architecture> with the appropriate values for your installation package. This will upgrade Splunk to the latest version and preserve your existing configuration and data.

How to Install Splunk with the Tar File

  1. Download the appropriate Splunk TAR file for your operating system from the official Splunk website: https://www.splunk.com/en_us/download.html
  2. Once the download is complete, navigate to the directory where the TAR file is saved.
  3. Extract the contents of the TAR file to a directory of your choice using the following command: tar xvzf splunk-<version>-linux-<architecture>.tgz -C <directory>

Note: Replace <version>, <architecture>, and <directory> with the actual version number, architecture, and directory where you want to extract the files.

  4. After extraction is complete, navigate to the extracted splunk directory (for example <directory>/splunk).
  5. Start the Splunk service using the following command: ./bin/splunk start
  6. Once the service has started, access the Splunk Web interface by navigating to http://<hostname>:8000 in a web browser, where <hostname> is the hostname or IP address of the server where you installed Splunk.
  7. Follow the on-screen instructions to complete the initial Splunk setup.

That’s it! You should now have Splunk successfully installed on your Linux system using the TAR file.

How to Install Splunk on Red Hat Enterprise Linux (RPM)

The installation process is a little bit more involved on Red Hat Enterprise Linux, but still easy and manageable. With this distribution, you have to create a new user in order to safely operate Splunk. 

We do not recommend installing or running Splunk as the root user: if the Splunk process is ever compromised, the attacker inherits root and with it the rest of the system. Follow these steps to install Splunk on RHEL:

1. Download the .rpm file

wget -O splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.0&product=splunk&filename=splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm&wget=true'

2. Create a new Splunk group and user

groupadd splunk
useradd -d /opt/splunk -m -g splunk splunk

3. Create the following directory

mkdir /opt/installers

4. Copy the downloaded .rpm file to the new directory

cp splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm /opt/installers/

5. Change ownership

chown -R splunk: /opt/splunk/ /opt/installers

6. Switch user

su - splunk

7. Change directory

cd /opt/installers

8. Install Splunk

rpm -i splunk-8.0.0-1357bef0a7f6-linux-2.6-x86_64.rpm

9. Start Splunk quickly (accept license automatically)

/opt/splunk/bin/splunk start --accept-license

10. Enter an administrator username

Please enter an administrator username:

11. Enter and confirm a password

Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:

12. Enable at boot

/opt/splunk/bin/splunk enable boot-start

How to Install Splunk on Debian (DEB)

Being one of the most popular Linux distributions, Debian is likely to be where you want to install Splunk directly.

Thankfully, it’s also one of the easiest platforms to get things set up correctly. On Debian, you don’t need to create separate users and accounts to install Splunk, you simply need to follow a few steps and you’re good to go:

1. Download the .deb file

wget -O splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.0&product=splunk&filename=splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb&wget=true'

2. Install Splunk

sudo dpkg -i splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb

3. Start Splunk at boot

sudo /opt/splunk/bin/splunk enable boot-start

4. Accept the license (press Enter to scroll through it to 100%)

Do you agree with this license? [y/n]: y

5. Enter an administrator username

Please enter an administrator username:

6. Enter and confirm a password

Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:

7. Start Splunk service

sudo service splunk start

And with that, you’ve successfully installed and started Splunk on your Debian machine. Now head on over to the web interface section to start logging your data. 

Note: You can always check whether Splunk is correctly installed on your Debian machine by running the dpkg --status splunk command:

dpkg --status splunk
Package: splunk
Status: install ok installed
Maintainer: Splunk Inc.
Architecture: amd64
Version: 8.0.8
Description: Splunk
 The platform for machine data.
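The RHEL steps above, the tar extraction, and the Debian steps are brought together below in one added script (our own example, not the article's or Splunk's code) that installs any of the three package types and, on every distribution, runs Splunk as the dedicated splunk account rather than as root. It assumes /opt/splunk as the install root and uses the SPLUNK_INSTALL_PKG and SPLUNK_ADMIN_PASSWORD environment variables (our names) together with a user-seed.conf file to replace the interactive username and password prompts.

```shell
#!/bin/sh
# Added example, not the bitsIO post's own script: the non-root install above,
# generalised to the three package types the post covers (.rpm, .deb, .tgz).
# Run as root. Nothing executes unless SPLUNK_INSTALL_PKG is set, so the
# helpers can be sourced and checked on their own.
SPLUNK_HOME=/opt/splunk
SPLUNK_USER=splunk
# Maps a package filename to the install command the post uses for it;
# prints the command, returns 1 for a type the post does not cover.
installer_for() {
    case "$1" in
        *.rpm)          echo "rpm -i";;
        *.deb)          echo "dpkg -i";;
        *.tgz|*.tar.gz) echo "tar xzf";;   # unpacked under /opt, creating /opt/splunk
        *)              return 1;;
    esac
}
# The rule Splunk enforces at first start (quoted above): at least 8
# printable ASCII characters. Returns 0 if the candidate passes.
valid_admin_password() {
    [ "${#1}" -ge 8 ] || return 1
    # any byte outside 0x20-0x7E (space..tilde) is not printable ASCII
    printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]' && return 1
    return 0
}
install_splunk() {
    pkg="$1"; admin_pw="$2"
    cmd=$(installer_for "$pkg") || { echo "unsupported package: $pkg" >&2; return 1; }
    valid_admin_password "$admin_pw" || { echo "admin password rejected" >&2; return 1; }
    # Dedicated service account, as in the RHEL steps (safe to re-run).
    getent group "$SPLUNK_USER" >/dev/null || groupadd "$SPLUNK_USER"
    id "$SPLUNK_USER" >/dev/null 2>&1 || useradd -d "$SPLUNK_HOME" -m -g "$SPLUNK_USER" "$SPLUNK_USER"
    # Package managers need root; the daemon itself never does.
    case "$cmd" in
        "tar xzf") tar xzf "$pkg" -C /opt;;
        *)         $cmd "$pkg";;
    esac
    # Seed the admin account instead of answering the interactive prompt,
    # then make sure nothing under SPLUNK_HOME is left owned by root.
    mkdir -p "$SPLUNK_HOME/etc/system/local"
    printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$admin_pw" \
        > "$SPLUNK_HOME/etc/system/local/user-seed.conf"
    chown -R "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME"
    # First start as the service account; -user makes boot-start keep it that way.
    su - "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes --no-prompt"
    "$SPLUNK_HOME/bin/splunk" enable boot-start -user "$SPLUNK_USER"
}
if [ -n "${SPLUNK_INSTALL_PKG:-}" ]; then install_splunk "$SPLUNK_INSTALL_PKG" "${SPLUNK_ADMIN_PASSWORD:-}"; fi
```

Invoke it as root with, for example, `SPLUNK_INSTALL_PKG=/opt/installers/splunk-8.0.0-1357bef0a7f6-linux-2.6-amd64.deb SPLUNK_ADMIN_PASSWORD='...' sh install-splunk.sh`; Splunk removes user-seed.conf once the admin account has been created.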

Installing Splunk on Linux is a straightforward process that involves downloading and installing the appropriate RPM package or TAR file from the Splunk website.

After installation, you can start the Splunk service and access the Splunk Web interface to complete the initial setup. 

It is important to ensure that your system meets the minimum requirements for running Splunk and to consider configuring your system for optimal performance and security. 

With the right setup and configuration, Splunk can provide valuable insights from machine-generated data, helping you gain a deeper understanding of your systems and applications.

Enhance Your Data Analysis Game with BitsIO

Ready to streamline your data analysis with Splunk? Head over to bitsIO and explore our range of managed services to take your Splunk installation to the next level.

If you’re looking to manage your data more effectively, Splunk is a powerful tool that can help you gain insights and make informed decisions. But getting it up and running on Linux can be a challenge. That’s where bitsIO comes in. 

Our team of experts has years of experience installing and managing Splunk in Linux environments, and we’re here to help you every step of the way. 

With our managed services, you can take the hassle out of installing and maintaining Splunk, so you can focus on what matters most: analyzing your data. From setup to optimization, we’ve got you covered. So why wait? Let bitsIO help you get the most out of your Splunk installation today.