What is Splunk?
Splunk is an American company based in San Francisco, California. The company was founded in 2003 by Michael Baum, Rob Das, and Erik Swan with a mission to make it much easier to assemble and analyze the data needed to run and troubleshoot a datacenter.
In simple words, Splunk is Google for all your machine data and logs. Here are some of the features of Splunk Enterprise:
- It's a powerful software engine that can be used to search, investigate, troubleshoot, monitor, visualize, alert, and report on everything that's happening in your entire IT infrastructure from one location, in real time.
- You only have to enter the search keyword in the search bar and you're done. Splunk will search the logs of all machines, servers and network devices in your enterprise and present the available information as a result, just like Google.
- You don't need to log in to multiple servers and dig through all the logs for a particular event. Splunk will do it for you in a smarter way.
- For example, if you want to know a particular user's activity on all servers, you just need to enter the username in the search bar and hit Enter. Splunk will collect and display all activities performed by that user on all machines in a few seconds.
- You can even monitor your Twitter feeds, Gmail, mailbox, etc. using Splunk.
- Splunk Enterprise takes valuable machine data and turns it into powerful operational intelligence by providing real-time insight into your data through charts, alerts, reports, etc.
- It's a data mining tool for Big Data, built to handle large data volumes without affecting performance.
- Splunk does not require any database like Oracle or MS SQL to store its data. It stores its data in indexes, so there is no additional cost for a DB.
- It effectively reduces troubleshooting and resolution time by providing instant results. Splunk is your best friend for root cause analysis.
- It can work as a monitoring tool, SIEM, reporting tool, analysis tool, and much more.
- It's very easy to set up and expand.
NOTE – Splunk is available for Windows, Linux, Solaris, and Mac OS.
Install Splunk on Windows
Follow these steps to install Splunk Enterprise using the MSI graphical installer.
1. To start the installer, double-click the
2. In the Welcome panel, click Next.
3. Read the licensing agreement and select “I accept the terms in the license agreement” check box.
4. Click Next.
5. In Customer Information, enter the requested details and click Next.
6. In the Destination Folder panel, click Change… to specify a different location, or click Next to accept the default value.
Splunk Enterprise is installed by default into the \Program Files\Splunk directory.
7. In the Logon Information panel, select Local system user and click Next.
To learn about the other user option, see the instructions for “installing Splunk Enterprise on Windows” in the Installation manual.
8. After you specify a user, the pre-installation summary panel appears. Click Install.
9. In the Installation Complete panel, select the Launch browser with Splunk and Create Start Menu Shortcut check boxes.
10. Click Finish.
As soon as the installation finishes, Splunk Enterprise starts, and Splunk Web launches in a supported browser.
Install Splunk on Linux
Splunk Enterprise provides three Linux installer options: an RPM, a DEB, and a compressed .tar file. Installation instructions for each installer are as follows.
Note: You must have access to a command-line interface (CLI). When you type in the installation commands, replace splunk_package_name with the file name of the Splunk Enterprise installer.
By default, Splunk Enterprise installs into the /opt/splunk directory on Linux.
To install the Splunk RPM,
1. Type the following into the CLI. Use the optional --prefix flag to install Splunk into a different directory:
rpm -i --prefix=/opt/new_directory splunk_package_name.rpm
To install the Splunk DEB package,
1. Type the following into the CLI. You can only install the Splunk DEB into the default /opt/splunk directory:
dpkg -i splunk_package_name.deb
To install Splunk using the compressed tar file,
1. Expand the file into the appropriate directory using the tar command. The default install directory is /splunk in the current working directory. To install into a specific directory, such as /opt/splunk, use the -C flag:
tar xvzf splunk_package_name.tgz -C /opt
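The three Linux install paths above differ in one detail that is easy to get wrong: the RPM accepts a custom --prefix, the DEB installs only into /opt/splunk, and the tar archive unpacks a splunk subdirectory under whatever -C points at (so -C /opt, not -C /opt/splunk). The following helper, added here as an example and not part of the original page or of Splunk itself, turns a package file name and an optional install directory into the matching command from the steps above. It only prints the command so it can be reviewed before being run with root privileges; the function name splunk_install_cmd and the error messages are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original page): build the Splunk Enterprise
# install command for each Linux package type described above.
# Nothing is executed; the command is printed for review.
#
# Usage: splunk_install_cmd <splunk_package_name> [install_directory]
#   .rpm        -> rpm -i [--prefix=<dir>] <pkg>   (custom directory allowed)
#   .deb        -> dpkg -i <pkg>                   (default /opt/splunk only)
#   .tgz/.tar.gz-> tar xvzf <pkg> -C <parent>      (-C takes the parent dir)
splunk_install_cmd() {
    pkg="$1"
    target="${2:-/opt/splunk}"   # default install directory from the page

    case "$pkg" in
        *.rpm)
            # The RPM supports --prefix; omit it when the default is wanted.
            if [ "$target" = "/opt/splunk" ]; then
                echo "rpm -i $pkg"
            else
                echo "rpm -i --prefix=$target $pkg"
            fi
            ;;
        *.deb)
            # The DEB cannot be relocated: refuse any non-default directory
            # instead of silently installing somewhere else.
            if [ "$target" != "/opt/splunk" ]; then
                echo "error: the Splunk DEB installs only into /opt/splunk" >&2
                return 1
            fi
            echo "dpkg -i $pkg"
            ;;
        *.tgz|*.tar.gz)
            # The archive always unpacks into a 'splunk' subdirectory, so the
            # requested directory must end in /splunk and -C gets its parent
            # (/opt for /opt/splunk). Anything else would land in an
            # unexpected location such as /opt/new_directory/splunk.
            if [ "$(basename "$target")" != "splunk" ]; then
                echo "error: tar install directory must end in /splunk (got $target)" >&2
                return 1
            fi
            parent=$(dirname "$target")
            echo "tar xvzf $pkg -C $parent"
            ;;
        *)
            echo "error: unrecognised package type: $pkg" >&2
            return 1
            ;;
    esac
}

# Print the command for the default location of each package type.
for p in splunk_package_name.rpm splunk_package_name.deb splunk_package_name.tgz; do
    splunk_install_cmd "$p"
done
```

Running the script prints the three default-location commands from the steps above; passing a second argument such as /opt/new_directory yields the --prefix form for the RPM and an error for the DEB and the tar archive, which is the behaviour the installation notes describe.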
Access Splunk web interface
To access the Splunk web interface, open your browser and go to http://hostname:8000. We can use localhost instead of hostname since we are accessing Splunk from the machine it was installed on:
You can log in using the default credentials:
- username – admin
- password – changeme
After you log in, you will be prompted to change your password to something more secure:
You should be greeted with the screen that enables you to add data or find out more about Splunk: