How To Install Splunk On Ubuntu 20.04

I recently installed Splunk 8.2.4 because older versions of Splunk were affected by the Log4j vulnerability. The following is the installation process.

Installation

Download and install the dpkg package.

wget https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb
sudo dpkg -i splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb

Initial configuration

Enter the following command; on first run it prompts you to configure the admin username and password.

sudo /opt/splunk/bin/splunk enable boot-start

After that we need to start the service.

cd /opt/splunk/bin
./splunk start

Now we can use http://<server-ip>:8000 to access the Splunk web interface.
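The installation and initial configuration steps above, as one non-interactive script. This is an added example, not a script from the original post: it adds an integrity check on the .deb before dpkg runs and seeds the admin credentials from a file instead of the interactive prompt. It assumes (none of which the post states) that SPLUNK_SHA512 holds the SHA-512 digest shown for this .deb on the Splunk download page (a placeholder below), that SPLUNK_ADMIN_PASSWORD is set in the environment, and that a dedicated "splunk" service account should run the daemon instead of root.

```shell
#!/bin/sh
# Added example (not from the original post): install Splunk 8.2.4 on Ubuntu 20.04
# non-interactively, verifying the package before it is installed.
# Assumptions: SPLUNK_SHA512 (placeholder) is the digest from the download page,
# SPLUNK_ADMIN_PASSWORD is exported by the caller, "splunk" is the service account.
set -eu

SPLUNK_URL="https://download.splunk.com/products/splunk/releases/8.2.4/linux/splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb"
SPLUNK_DEB="${SPLUNK_URL##*/}"
SPLUNK_SHA512="${SPLUNK_SHA512:-REPLACE_WITH_SHA512_FROM_DOWNLOAD_PAGE}"   # placeholder
SPLUNK_HOME="/opt/splunk"

# Succeed only if the file's SHA-512 matches the expected digest (case-insensitive).
# A truncated or tampered download fails here instead of being handed to dpkg.
verify_sha512() {
  file="$1"; expected="$2"
  actual=$(sha512sum "$file" | cut -d' ' -f1)
  [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Write user-seed.conf, which Splunk reads once on first start to create the admin
# user and then removes. Mode 600 so the plaintext password is not world-readable
# for the short time the file exists.
write_user_seed() {
  dest="$1"; user="$2"; pass="$3"
  ( umask 077; printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$user" "$pass" > "$dest" )
}

install_splunk() {
  [ "$(id -u)" = 0 ] || { echo "run as root" >&2; return 1; }
  : "${SPLUNK_ADMIN_PASSWORD:?set SPLUNK_ADMIN_PASSWORD in the environment}"
  wget -q "$SPLUNK_URL"
  verify_sha512 "$SPLUNK_DEB" "$SPLUNK_SHA512" || { echo "checksum mismatch, refusing to install" >&2; return 1; }
  dpkg -i "$SPLUNK_DEB"
  id splunk >/dev/null 2>&1 || useradd -r -d "$SPLUNK_HOME" -s /usr/sbin/nologin splunk
  mkdir -p "$SPLUNK_HOME/etc/system/local"
  write_user_seed "$SPLUNK_HOME/etc/system/local/user-seed.conf" admin "$SPLUNK_ADMIN_PASSWORD"
  # Register the systemd unit (Splunkd.service) to run as the service account and
  # accept the license without prompting; then hand ownership over and start it
  # through systemd rather than as root.
  "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk -systemd-managed 1 --accept-license --answer-yes --no-prompt
  chown -R splunk:splunk "$SPLUNK_HOME"
  systemctl start Splunkd
  echo "Splunk web: http://$(hostname -I | cut -d' ' -f1):8000"
}

# Only perform the installation when explicitly asked:  sudo sh install-splunk.sh install
if [ "${1:-}" = "install" ]; then install_splunk; fi
```

Run it with the password in the environment rather than on the command line (so it does not end up in shell history or `ps` output), for example `sudo env SPLUNK_ADMIN_PASSWORD="$(cat /root/splunk-admin.pw)" sh install-splunk.sh install`. The checksum step is the supply-chain check the post's bare `wget` + `dpkg -i` skips; the seed file replaces the interactive credential prompt so the same script can be reused on several hosts.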

Collect logs

To collect syslog from Cisco devices, configure the following on the web interface.

  1. Navigate to Settings – Add data, click Monitor
  2. Select TCP/UDP
  3. Configure the UDP port as 514 and click Next
  4. Select cisco_syslog as the Source Type and click Submit
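The same UDP 514 input the four web interface steps above create, expressed as an inputs.conf stanza so it can be versioned and reviewed. This is an added example, not configuration from the original post. Beyond the post's steps it restricts the listener to the network the Cisco devices sit on (`acceptFrom`), opens the firewall only for that network, and checks the listener is actually up. The device network 10.10.0.0/24 and the index name "network" are constructed placeholders; /opt/splunk as SPLUNK_HOME matches the post, and binding port 514 assumes Splunk runs with the privilege to do so.

```shell
#!/bin/sh
# Added example (not from the original post): Cisco syslog over UDP 514 as an
# inputs.conf stanza plus firewall rule and listener check.
# Assumptions: CISCO_NET is the management network of the switches/routers
# (placeholder), index "network" exists or is created, Splunk can bind port 514.
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
CISCO_NET="${CISCO_NET:-10.10.0.0/24}"   # constructed placeholder for the device network

# Print the inputs.conf stanza for a UDP syslog listener.
# acceptFrom is a Splunk network ACL: datagrams from any other source address are
# dropped before they are indexed, which matters because UDP syslog carries no
# authentication and the source address is trivially forged.
cisco_udp_stanza() {
  port="$1"; sourcetype="$2"; index="$3"; acl="$4"
  printf '[udp://%s]\n' "$port"
  printf 'sourcetype = %s\n' "$sourcetype"
  printf 'index = %s\n' "$index"
  printf 'connection_host = ip\n'          # host field = sending device's IP
  printf 'no_appending_timestamp = true\n' # keep the device's own timestamp
  printf 'acceptFrom = %s\n' "$acl"
}

# Write the stanza under etc/system/local, which Splunk upgrades leave untouched.
write_inputs_conf() {
  dest="$1"
  mkdir -p "$(dirname "$dest")"
  cisco_udp_stanza 514 cisco_syslog network "$CISCO_NET" > "$dest"
}

# Apply on the Splunk host: write config, open UDP 514 only to the device network,
# restart, and confirm a listener is bound (run as root).
apply_cisco_input() {
  write_inputs_conf "$SPLUNK_HOME/etc/system/local/inputs.conf"
  ufw allow from "$CISCO_NET" to any port 514 proto udp
  "$SPLUNK_HOME/bin/splunk" restart
  ss -lun | grep -q ':514 ' || { echo "UDP 514 listener not up" >&2; return 1; }
  # Smoke test from a host inside CISCO_NET: one constructed Cisco-style message.
  # It should then appear under  index=network sourcetype=cisco_syslog ; the same
  # message sent from outside CISCO_NET (including this host's 127.0.0.1) is
  # silently dropped by acceptFrom, which is the behaviour being verified.
  logger -n 127.0.0.1 -P 514 -d "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.0.5)"
}

# Only apply when explicitly asked:  sudo sh cisco-input.sh apply
if [ "${1:-}" = "apply" ]; then apply_cisco_input; fi
```

On the device side, point `logging host <splunk-ip>` at the indexer as the post assumes; the stanza above only controls which sources the indexer will accept. If Splunk runs as a non-root service account it cannot bind port 514, in which case choose a port above 1024 here and on the devices, or front it with a local syslog daemon that forwards to Splunk.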

Change to free license

The Free license allows indexing up to 500 MB of data per day, which is enough for my environment, so I switched to the Free license.

  1. Navigate to Settings – Licensing
  2. Click Change license group
  3. Select Free license and click Save

Splunk restarts after performing the above steps. Once it is running under the Free license, a username and password are no longer required to access the web interface, so port 8000 should only be reachable from trusted hosts.

2 Responses

  1. solomon says:

    dpkg-deb: error: ‘splunk-8.2.4-87e2dda940d1-linux-2.6-amd64.deb’ is not a Debian format archive (got this error what does this require)
