
Installing Splunk Enterprise

Hands-On Lab


Myles Young

BigData Training Architect II in Content

Length

01:30:00

Difficulty

Intermediate


Installing Splunk Enterprise

Introduction

So you want to use Splunk? Well, let's start with the basics. In this hands-on lab, you are given the opportunity to exercise the following:

  • Install Splunk Enterprise on a CentOS 7 cloud server
  • Manually create the administrator credentials
  • Configure Splunk to start on boot
  • Explore the Splunk Enterprise web console

Instructions

You are a system administrator working on a log centralization project. You have been asked to perform a proof-of-concept (POC) of a Splunk Enterprise logging solution. To facilitate this POC, you must first install a single-node Splunk Enterprise instance on a CentOS cloud server. The Splunk service should be configured to start on boot, and the administrator credentials for Splunk should be as follows:

  • User: admin
  • Password: $p|unkEnt3rpr!$e

Finally, start the Splunk service and explore the web console using your public IP address and the default console port 8000 to get a better understanding of the Splunk console interface and its capabilities.

Solution

Begin by logging in to node1 using the credentials provided on the hands-on lab page:

ssh cloud_user@PUBLIC_IP_ADDRESS

Install Splunk Enterprise using the RPM in the "root" user's home directory

Become the root user:

sudo su -

Install Splunk:

cd ~
rpm -i splunk-7.2.4.2.rpm

Manually create the administrator credentials without starting Splunk

Open the file /opt/splunk/etc/system/local/user-seed.conf in an editor:

vim /opt/splunk/etc/system/local/user-seed.conf

It should contain the following:

[user_info]
USERNAME = admin
PASSWORD = $p|unkEnt3rpr!$e

Configure Splunk to start on boot and accept the Splunk Enterprise license

Enable boot-start and accept the Splunk Enterprise license:

/opt/splunk/bin/splunk enable boot-start --accept-license

Start Splunk

Start Splunk:

/opt/splunk/bin/splunk start

Log in to and explore the Splunk Enterprise web console

In your web browser, go to http://your_public_ip_address:8000.

Log in as the user admin with the password $p|unkEnt3rpr!$e.

Explore the Splunk Enterprise web console.
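The steps above, collected into one re-runnable script, as an added example that is not part of the original lab. It assumes the Splunk home is /opt/splunk, the RPM is in root's home directory as on the lab page, the RPM package name is "splunk", and the script runs as root. Two points the lab's one-liners leave implicit are handled explicitly: user-seed.conf holds the admin password in cleartext until Splunk's first start consumes (and deletes) it, so the file is created with mode 0600 and its removal is checked afterwards; and the lab password contains $ and !, so it must be passed to the shell in single quotes or the $p and $e fragments are expanded as variables.

```shell
#!/bin/sh
# Added example (not the lab's own script). Assumptions: SPLUNK_HOME=/opt/splunk,
# the RPM from the lab sits in root's home directory, and we run as root.
set -u

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_RPM="${SPLUNK_RPM:-$HOME/splunk-7.2.4.2.rpm}"

# Write user-seed.conf for the first-start admin account.
# The file contains a cleartext password, so it is created under umask 077
# and forced to mode 0600. Callers must pass the password single-quoted.
write_user_seed() {
  home="$1"; user="$2"; pass="$3"
  dir="$home/etc/system/local"
  mkdir -p "$dir"
  ( umask 077 && printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' \
      "$user" "$pass" > "$dir/user-seed.conf" )
  chmod 600 "$dir/user-seed.conf"
}

# Return 0 when user-seed.conf is gone, which is what a successful first start
# leaves behind; return 1 when it is still present, meaning the seed was not
# applied or a cleartext password is still sitting on disk.
seed_consumed() {
  [ ! -e "$1/etc/system/local/user-seed.conf" ]
}

# Install the RPM only if the package is not already present, then register
# the service for boot and start it, matching the lab's order of operations
# (the seed file must exist before the first start).
install_splunk() {
  rpm -q splunk >/dev/null 2>&1 || rpm -i "$SPLUNK_RPM"
  "$SPLUNK_HOME/bin/splunk" enable boot-start --accept-license
  "$SPLUNK_HOME/bin/splunk" start
}

# Only perform the real install when invoked as: ./setup-splunk.sh install
if [ "${1:-}" = "install" ]; then
  write_user_seed "$SPLUNK_HOME" admin '$p|unkEnt3rpr!$e'
  install_splunk
  if seed_consumed "$SPLUNK_HOME"; then
    echo "admin account seeded; user-seed.conf removed by Splunk"
  else
    echo "WARNING: user-seed.conf still present under $SPLUNK_HOME/etc/system/local" >&2
  fi
fi
```

Run it as root with the argument install; without the argument the script only defines its functions, which is what makes the file-writing logic testable on a workstation. If you prefer not to put the cleartext password on disk at all, Splunk's user-seed.conf also accepts a HASHED_PASSWORD key whose value is produced by the splunk hash-passwd command.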

Conclusion

Congratulations, you've completed this hands-on lab!