Splunk on Chromebook?

Contributor

I'm considering grabbing a Chromebook, but I'll want to install Splunk Enterprise on it (for testing purposes, labs and such). Anyone ever done this? I'm not terribly familiar with Chromebooks.

Many Thanks!

1 Solution

Path Finder

As far as I know you can't. Not with a stock Chromebook anyway. To clarify, you can install the Splunk tar file on the system as a non-root user, but most Chromebooks have very low compute resources (such as hard drive space, procs, and RAM). To install Splunk you will have to access the crosh shell, then install it like regular Splunk on Linux. There are no dependencies that I'm aware of that will prevent the install; it's mostly just a matter of compute resources. As far as I've read, crosh only gives you sudo access as well. Hope that helps, but here are some links for more info.

How to access and use the crosh shell: https://software.intel.com/en-us/blogs/2014/08/18/two-simple-ways-to-get-to-the-chrome-os-shell

Crosh shell builtin commands: http://www.howtogeek.com/170648/10-commands-included-in-chrome-oss-hidden-crosh-shell/

Engager

You can install it more easily in ChromeOS now. After opting into Crostini (Linux Beta) you can follow the Linux instructions for the .tgz file and run the wget command from the Crostini Linux terminal (or move the .tgz from your Downloads folder to the Linux files folder). After following the video to the point where it is installed and started, you will also need to run a browser from the Crostini Linux, since it is sandboxed from the rest of ChromeOS, so the native Chrome browser will not be able to access the web interface address. You can run the command sudo apt install firefox-esr from the Crostini terminal to install Firefox, for instance, and then the Crostini Firefox browser will be able to navigate to the web interface address for the Splunk interface running in that same Crostini Linux sandbox.

Since all Chromebooks are now going to have Crostini (Linux Beta) support, I wanted to try my hand at installing the Linux version on my Chromebook, as I am waiting for Black Friday to get a good deal to replace my old Windows 7 laptop whose hardware does not support Windows 10. It's actually pretty simple. First you need to enable the Beta, for which you can find good instructions over at: Android Central

Now you can follow the install instructions for Linux exactly as the video shows, but I'm going to put them into text because I find it easier than watching a video (or the video might change).

Download the .tgz file from Splunk and move it from downloads folder to the Linux files folder or you can open the Linux terminal and run the wget command:

wget -O splunk-8.0.0-1357bef0a7f6-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version...'

Now I created a directory called Splunk (mkdir Splunk), then ran the command from the install video with my directory name (tar xvzf splunk-8.0.0-1357bef0a7f6-Linux-x86_64.tgz -C Splunk)

Then navigated into the directory to the bin folder: cd Splunk/splunk/bin

This is the point where you will have to start, stop, and reset Splunk. When you first start your terminal (restart the terminal, reboot your Chromebook, etc.) you will have to open the terminal and navigate back with cd Splunk/splunk/bin and start it again. The start command is ./splunk start

** The first time you will either have to scroll through the license and accept or you can skip that scrolling and accept it by entering: ./splunk start --accept-license

You will also have to create an admin username and password for this Splunk instance the first time.

The URL it gives me for the Splunk interface is http://penguin:8000

Now you might be tempted to change over to Chrome and open that web interface (like I did) but find that address is not accessible. That's because the Crostini Linux is sandboxed from the Linux ChromeOS runs in.

You will need a browser in the Crostini Linux to run it from. Now you can google how to install a few different browsers in Linux but since this machine is Chrome I decided to install Firefox in the Crostini Linux.

Enter > cd < to go back to the default directory and then enter the following command to install Firefox: sudo apt install firefox-esr

(^^ You can install whatever browser you want as long as Splunk supports it in Linux ^^)

If Firefox does not open on its own after it installs (or after this first time) you can go into the Chrome Launcher and scroll down to the Linux apps folder to open your browser. You can then put the Splunk interface URL into your browser that is running in your sandboxed Crostini Linux to access the Splunk instance that is running in that same sandbox.

0 Karma
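An added example, not part of either post above: the install steps from the thread wrapped in two checks, one for the resource limits the accepted answer warns about and one confirming that the downloaded .tgz unpacks only under `splunk/` (the layout the `cd Splunk/splunk/bin` step relies on) before anything is extracted. The function names and the `MIN_DISK_MB` / `MIN_MEM_MB` thresholds are placeholders chosen for illustration; take real minimums from Splunk's system requirements.

```sh
#!/bin/sh
# Added example, not from the thread. Threshold values are placeholders.
: "${MIN_DISK_MB:=5000}" "${MIN_MEM_MB:=2000}"

# Free space (MB) on the filesystem that holds directory $1.
free_disk_mb() { df -Pm "$1" | awk 'NR==2 {print $4}'; }

# Total RAM (MB) visible inside the Linux container.
total_mem_mb() { awk '/^MemTotal:/ {print int($2/1024)}' /proc/meminfo; }

# preflight DIR MIN_DISK_MB MIN_MEM_MB -> 0 if both minimums are met.
preflight() {
    disk=$(free_disk_mb "$1"); mem=$(total_mem_mb)
    [ "$disk" -ge "$2" ] || { echo "disk: ${disk}MB < ${2}MB" >&2; return 1; }
    [ "$mem" -ge "$3" ] || { echo "ram: ${mem}MB < ${3}MB" >&2; return 1; }
}

# archive_is_sane TGZ -> 0 only if the archive lists cleanly, is non-empty,
# and every member sits under splunk/ with no absolute path or ".." part.
archive_is_sane() {
    list=$(tar tzf "$1" 2>/dev/null) || return 1
    [ -n "$list" ] || return 1
    printf '%s\n' "$list" | awk '
        /^\// || /(^|\/)\.\.(\/|$)/ || !/^splunk(\/|$)/ { bad = 1 }
        END { exit bad + 0 }'
}

# install_splunk TGZ DIR: the thread's steps, run only if both checks pass.
install_splunk() {
    preflight "$(dirname "$2")" "$MIN_DISK_MB" "$MIN_MEM_MB" || return 1
    archive_is_sane "$1" || { echo "unexpected archive layout" >&2; return 1; }
    mkdir -p "$2" && tar xzf "$1" -C "$2" &&
        "$2/splunk/bin/splunk" start --accept-license
}

# Usage: sh this_script.sh install splunk-<version>.tgz Splunk
if [ "${1:-}" = "install" ]; then
    install_splunk "$2" "$3"
fi
```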

Contributor

Thank you!

0 Karma

Path Finder

No problem... there is also Splunk Storm, which you could access through a web app from any system. I'll be honest, though, I've never really used it and don't know much about it.

0 Karma