How to Install Splunk on Debian 11 or 10 Linux – Linux Shout

Let’s install Splunk on the Debian 11 / 10 Linux operating system to analyze data collected from various sources…
Splunk is security information and event management (SIEM) software. It is a cross-platform solution that receives information from various sources, correlates it, and visualizes the correlated information on a dashboard. The data processed by Splunk can also be enriched with conventional data from relational databases.
Splunk understands machine data as well as text that people have written. Machine data is the unstructured information generated during the operation of various systems (computers, mobile devices, network components, security appliances, measuring devices, etc.). When people talk about machine data, they mostly mean logs.
Thus, a SIEM means that you load all the log files from your devices into one large database and unify them. The SIEM warns you when something unusual occurs, and you can analyze this data with Splunk to figure out what is going on.
Splunk publishes minimum hardware requirements for a single Enterprise instance; however, you can install it on less than the stated resources just to learn it.
The free version of Splunk comes with all Enterprise features, but only for a limited period of 60 days; after that the user has to upgrade to keep all of them. If you don’t, a free license with limited features continues without any expiry. However, you will only be allowed to index 500 MB per day, there will be no searching, and bulk loading of large data sets is allowed only 2 times within a 30-day period. Know more about a free license.
To install Splunk on Debian, the developers of this platform offer a .deb package that can easily be downloaded from the official website (link).
Alternatively, users can run the wget command given below to get the free version of Splunk with the trial Enterprise features.
 
As the downloaded file is a .deb, we can use the APT package manager to install it.
Note: If you downloaded this data analysis software on a GUI Linux system using the browser, first switch to the Downloads directory using cd Downloads. Users who fetched it with the wget command can simply run:
 
Once the installation is complete, let’s run the script that not only enables the Splunk service at boot but also lets us set up the login details: the admin user and its password. As the script starts, press the Esc key and then Y to accept the license.
Command to install Splunk on Debian 11
 
Now this data analytics platform is ready; let’s access its web interface at localhost:8000. Users who want to reach the Splunk dashboard from a remote system need to open port 8000 in the system firewall. For that, run:
Note: If you get “command not found”, first enable UFW; here is the article on it: Install and Configure UFW on Debian
After that:
For a remote system’s browser – http://your-server-ip:8000
For the local system’s browser – http://localhost:8000
 
The first screen you get in your browser asks for the admin username and password set while configuring Splunk. Enter them to log in.
Login Splunk free Enterprise
 
Finally, you have Splunk on your Debian or Ubuntu system; now click Add Data to integrate the data source for analysis.
Splunk Dashboard installed on Debian Linux
From here you can refer to the official Splunk documentation to learn more…