How To Install Free Splunk

Setting up AWS

I hope you did your homework on the basics of AWS as I will not be walking you through the entire setup or provisioning of your instances. I will provide the requirements needed for the software to run and the recommended security group settings. If you need additional help on using AWS, I recommend visiting free training provided by Amazon.

Create a VPC

Your instances run in a private, isolated section of the AWS cloud with direct access to the Internet. Network access control lists and security groups can be used to provide strict control over inbound and outbound network traffic to your instances. I recommend using the following private address range: 10.0.0.0/16.

Create two subnets, one for Splunk and one for the application servers (the systems that send data to Splunk):

  • Splunk Applications: 10.0.0.0/24 (allocates 251 usable IP addresses)
  • Web Applications: 10.0.1.0/24 (allocates 251 usable IP addresses)

Provision Instances

The following requirements are not set forth by Splunk. I chose these configurations based on what will work for a minimal, non-data-intensive learning environment. For those of you who may be looking to provision a real enterprise environment, I encourage you to visit the official Splunk documentation.

Make sure to assign an Elastic IP address to each instance. (This is considered bad practice, so only do this for training purposes.)

Create 4 Security Groups

Name     | Allow All   | Allow 10.0.0.0/16           | Allow 'My IP'
---------|-------------|-----------------------------|--------------
SH-SG    | 443         | 8065, 8089, 8191, 9887      | 22, 8000
IDX-SG   |             | 514, 8065, 8089, 9887, 9997 | 22, 8000
DS-SG    |             | 8089                        | 22, 8000
Hack Me  | All TCP/UDP |                             |
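To check that what you actually built in AWS matches the table above, the following added example (not part of the original tutorial) audits the JSON that `aws ec2 describe-security-groups` returns against the tutorial's port plan and flags two classes of mistake: a planned rule that is missing, and an admin port (SSH, Splunk Web, management 8089) that is open to the whole Internet. The operator IP and the sample describe output are constructed for the example; the 'Hack Me' group is left out of the plan because it is deliberately wide open.

```python
MY_IP = "203.0.113.10/32"  # assumption: your public IP, the table's 'My IP'
VPC, ANY = "10.0.0.0/16", "0.0.0.0/0"

# Port plan from the security-group table: {group: {port: allowed source}}.
# 'Hack Me' is deliberately wide open for the training targets, so it is left out.
EXPECTED = {
    "SH-SG": {443: ANY, 8065: VPC, 8089: VPC, 8191: VPC, 9887: VPC, 22: MY_IP, 8000: MY_IP},
    "IDX-SG": {514: VPC, 8065: VPC, 8089: VPC, 9887: VPC, 9997: VPC, 22: MY_IP, 8000: MY_IP},
    "DS-SG": {8089: VPC, 22: MY_IP, 8000: MY_IP},
}
ADMIN_PORTS = (22, 8000, 8089)  # SSH, Splunk Web, management: never world-open


def actual_rules(group):
    """Flatten one describe-security-groups entry to {port: [source CIDRs]}."""
    ports = set(EXPECTED.get(group["GroupName"], {})) | set(ADMIN_PORTS)
    rules = {}
    for p in group["IpPermissions"]:
        if p.get("IpProtocol") not in ("tcp", "-1"):  # "-1" means all traffic
            continue
        lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)
        for port in ports:
            if lo <= port <= hi:  # one port range can cover several plan ports
                rules.setdefault(port, []).extend(r["CidrIp"] for r in p["IpRanges"])
    return rules


def audit(sgs):
    """Return (group, port, message) tuples for every deviation from the plan."""
    findings = []
    for g in sgs["SecurityGroups"]:
        name, have = g["GroupName"], actual_rules(g)
        for port, src in EXPECTED.get(name, {}).items():
            if src not in have.get(port, []):
                findings.append((name, port, f"missing {src}"))
        for port in ADMIN_PORTS:
            if name in EXPECTED and ANY in have.get(port, []):
                findings.append((name, port, "open to 0.0.0.0/0"))
    return findings


def perm(lo, hi, *cidrs):
    """Build one IpPermissions entry in the shape the AWS CLI returns."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}


# Constructed sample output: SH-SG has SSH world-open, DS-SG forgot Splunk Web.
SAMPLE = {"SecurityGroups": [
    {"GroupName": "SH-SG", "IpPermissions": [perm(443, 443, ANY), perm(8065, 8191, VPC),
                                             perm(9887, 9887, VPC), perm(22, 22, ANY), perm(8000, 8000, MY_IP)]},
    {"GroupName": "DS-SG", "IpPermissions": [perm(8089, 8089, VPC), perm(22, 22, MY_IP)]},
]}
```

Run `audit(SAMPLE)` to see the three findings for the sample; feed it `json.load` of the real CLI output to audit your own VPC.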

Provision the Following Instances

Name                     | OS            | Processor           | RAM     | Disk                      | Security Group
-------------------------|---------------|---------------------|---------|---------------------------|---------------
Splunk Search Head       | Ubuntu        | 1 vCPU + 1 per user | 2GB/4GB | 8GB/32GB                  | SH-SG
Splunk Indexer           | Ubuntu        | 2 vCPU/4 vCPU       | 4GB/8GB | 64GB/128GB, 800/1200 IOPS | IDX-SG
Splunk Deployment Server | Ubuntu        | 1 vCPU              | 1GB/2GB | 8GB/16GB                  | DS-SG
Application Servers      | Windows/Linux | 1 vCPU              | 1GB/2GB | 30GB                      | Hack Me

You can provision as many or as few application servers as you wish.

Example

I've added more rules than are required for this tutorial.

Download Splunk

This step requires a Splunk account, so please create one if you haven't already done so. Throughout this tutorial, I will be using the wget command to download the correct Splunk package for each instance. After logging into Splunk visit the following page (download splunk) to get started. You will need Splunk Enterprise and the Universal Forwarder packages for each desired operating system. I have provided screenshots on how to get the wget link.

At the download homepage, click on Download Free 60-Day Trial.

In this tutorial, we are using Ubuntu, a Linux-based operating system, for our Enterprise instances. Click on Linux and download the deb package.

The download will start automatically, and you should also see a USEFUL TOOLS option. Click the Command Line (wget) option and copy the link to WordPad or another text editor for later use.

Download Splunk Universal Forwarder

The previous steps apply to the Universal Forwarder as well, but you will need to repeat this process for both the Linux and Windows versions.


Installing Splunk

It's highly recommended that you update and upgrade your machines before installing Splunk.

It is assumed you know how to connect to your instance using either an SSH client or Amazon's Web Console. Make sure you allocate a public IP address for easy connection. Also, make sure that the security group is configured to allow only your IP address to connect via SSH.

Splunk Enterprise Installation

Splunk Enterprise will need to be installed on every instance except for systems that require a Light or Universal Forwarder. Install the enterprise package on all other systems, including those needing a Heavy Forwarder.

Repeat the above steps for every instance.

Splunk Universal Forwarder Installation

The steps are very similar to those for the Enterprise package.

Repeat for each *nix instance needing a Splunk Forwarder.

Windows

Installing a forwarder on Windows is done using the install wizard.

  • Select the advanced option when installing.
  • When asked to provide a deployment server and indexer, provide the private IP address and use the default port numbers.
  • When asked which data you would like to monitor, select the sources you find interesting.
  • I suggest following the documentation if you need additional help.

Homework

At this point in the series you should have installed the following components: Search Head, Indexer, Deployment Server/License Manager, and two Universal Forwarders.

To verify your work, log in to Splunk Web by pasting the instance's public IP address into your browser, including the port number. Usage: http://$ip_address:8000. If you see the Splunk home page and are able to log in, that is as far as you need to go for now.

The next step is configuring Splunk.

See: Configuring Splunk