How To Install Splunk On Ubuntu 20.04
I recently installed Splunk 8.2.4 because older versions of Splunk were affected by the Log4j vulnerability; the following is the installation process.
Installation
Download and install the dpkg package.
wget https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb
sudo dpkg -i splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb
Initial configuration
Run the following command. On the first run Splunk asks you to accept the license and to set the administrator username and password, and it registers Splunk to start at boot. If you want Splunk to run as a dedicated non-root user instead of root, append -user <user> to the command; the /opt/splunk tree must then be owned by that user.
sudo /opt/splunk/bin/splunk enable boot-start
After that, start the service.
cd /opt/splunk/bin
sudo ./splunk start
Now we can access the Splunk web interface at http://<ip-address>:8000. Note that this is plain HTTP by default; to serve the interface over HTTPS, enable SSL under Settings – Server settings – General settings.
Collect logs
To collect syslog from Cisco devices, configure the following in the web interface. UDP 514 is a privileged port, so this only works because Splunk here runs as root; a Splunk process running as a non-root user cannot bind it and must listen on a port above 1023 (with a redirect in front of it) instead.
- Navigate to Settings – Add data, click Monitor
- Select TCP/UDP
- Enter 514 as the UDP port and click Next
- Select cisco_syslog as the Source type and click Submit
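The same UDP input can be created as a file under the Splunk installation, which makes it reviewable and deployable without clicking through the web interface. The script below is an added example, not code from the original post or from Splunk: it renders the inputs.conf stanza that the steps above produce, appends it to a local app, and checks whether the chosen port is one an unprivileged Splunk user could bind. The app name cisco_syslog_inputs and the use of $SPLUNK_HOME are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): file-level equivalent of the
# "Add data" steps for a UDP syslog input. SPLUNK_HOME and the app name
# "cisco_syslog_inputs" are assumptions of this example.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
APP="cisco_syslog_inputs"

# Ports below 1024 can only be bound by root (or a process holding
# CAP_NET_BIND_SERVICE). Return 0 when an unprivileged user could bind $1.
port_is_unprivileged() {
    [ "$1" -ge 1024 ] 2>/dev/null && [ "$1" -le 65535 ]
}

# Print the inputs.conf stanza for a UDP listener: port, sourcetype, and
# connection_host = ip so the host field is the sender's address rather than
# the result of a reverse DNS lookup that Splunk would otherwise have to trust.
render_udp_input() {
    printf '[udp://%s]\nsourcetype = %s\nconnection_host = ip\n' "$1" "$2"
}

# Append the stanza to the app's local inputs.conf (created on demand) and
# print the path that was written.
write_udp_input() {
    port="$1"; sourcetype="$2"
    dest="$SPLUNK_HOME/etc/apps/$APP/local/inputs.conf"
    mkdir -p "$(dirname "$dest")" || return 1
    render_udp_input "$port" "$sourcetype" >> "$dest" || return 1
    echo "$dest"
}

# The post binds 514 directly, which only works because Splunk runs as root.
# When Splunk runs as its own user, listen on a high port and redirect the
# privileged port in the kernel instead (iptables shown; nftables is equivalent):
#   iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports 5514
# Then: write_udp_input 5514 cisco_syslog
```

Splunk reads inputs.conf at startup, so restart it (or run splunk restart) after writing the stanza; the Free-license restart described further down picks it up as well.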
Change to free license
The Free license allows indexing up to 500 MB of data per day, which is enough for my environment, so I switched to the Free license.
- Navigate to Settings — Licensing
- Click Change license group
- Select Free license and click Save
Splunk restarts after the above steps. Note that the Free license removes authentication entirely: no username or password is required to access the web interface, so anyone who can reach port 8000 has full administrative access. Restrict that port to trusted hosts, for example with a host firewall.
dpkg-deb: error: ‘splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb’ is not a Debian format archive (I got this error; what does it require?)
It is possible that the file is corrupted; you can try to re-download it and check the MD5 value.
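The download step in the Installation section and the dpkg-deb error in the comment above call for the same check, so here is one added example that covers both; it is not code from the original post or from Splunk. It confirms that the downloaded file really is a Debian (ar) archive and that its digest matches the MD5 file before dpkg ever sees it. Only the package URL comes from the post; the assumption that the MD5 file sits at the package URL with .md5 appended, and its line format, are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Download the Splunk .deb and its
# MD5 file, check that the file is a Debian archive and that its digest
# matches, and only then hand it to dpkg. The .md5 URL and its line format are
# assumptions; the package URL is the one from the post.

PKG_URL="https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb"
PKG_FILE="${PKG_URL##*/}"

# Pull the 32-hex-digit digest out of a checksum file in either the BSD form
# "MD5 (file) = digest" or the GNU form "digest  file". Prints it lowercased.
extract_md5() {
    grep -oE '[0-9a-fA-F]{32}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# Return 0 when the digest of file $1 equals the digest recorded in file $2.
verify_md5() {
    expected=$(extract_md5 "$2")
    actual=$(md5sum "$1" | cut -d ' ' -f 1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# A .deb is an "ar" archive, and every ar archive starts with the 8-byte magic
# "!<arch>\n". An HTML error page or a truncated download fails this check,
# which is what dpkg-deb reports as "not a Debian format archive".
is_deb_archive() {
    [ "$(head -c 8 "$1" 2>/dev/null)" = "!<arch>" ]
}

# Download, check, install. Needs network access and root; not run automatically.
install_splunk() {
    wget -q "$PKG_URL" -O "$PKG_FILE" || return 1
    # assumption: Splunk publishes the MD5 file beside the .deb
    wget -q "$PKG_URL.md5" -O "$PKG_FILE.md5" || return 1
    if ! is_deb_archive "$PKG_FILE"; then
        echo "$PKG_FILE is not an ar archive; re-download it" >&2
        return 1
    fi
    if ! verify_md5 "$PKG_FILE" "$PKG_FILE.md5"; then
        echo "MD5 mismatch for $PKG_FILE; re-download it" >&2
        return 1
    fi
    dpkg -i "$PKG_FILE"
}

# Run the whole flow only when explicitly asked:  sh check-splunk-deb.sh install
if [ "${1:-}" = "install" ]; then
    install_splunk
fi
```

The MD5 file is served from the same host as the package, so this catches a corrupted or truncated download (the usual cause of the dpkg-deb error) rather than a deliberate substitution; fetch both over HTTPS as in the post so the transport, not the digest, provides the tamper protection.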