Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Elasticsearch -> Splunk : Getting started?

lrodrigues99
New Member
‎11-22-2021 07:37 AM

Good morning. I support a application development effort which is transitioning from Elasticsearch to Splunk. 

I would like to setup a POC test instance/cluster of splunk on our dev network.

With elastic, I would dimply download an RPM ang get started.

With splunk, it is unclear to me how to get started (reading docs), regarding licensing and which files I can download.

Apologies for the low level questions, but where can I get started?  Which file can I download to start install an instance, and hopefully created a small (3/4 node) cluster for POC?

Thanks,

Larry

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-22-2021 08:15 AM

I recommend starting with a single standalone instance of Splunk before venturing into clustering.  Walk before you run.

As for which file to download, you will need to start with Splunk Enterprise so go to https://www.splunk.com/en_us/download/splunk-enterprise.html and download the RPM. Don't worry about licensing as it comes with a built-in 60-day license.

Depending on where your data resides, you may also need to download and installed one or more Universal Forwarders from https://www.splunk.com/en_us/download/universal-forwarder.html and configure it to send data to the Splunk Enterprise instance.  See https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/Abouttheuniversalforwarder for how to do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-22-2021 08:09 AM

Hi @lrodrigues99,

with Splunk you can download a free instance (max 500 MB/day) and use it for 60 days with full features, and then with a subset of features.

If for your PoC you need more volume of logs, you can ask to Splunk a trial version for a more limited time period (usually 2 weeks).

To download a free installation you need only an account on splunk.com.

Installation depends on the Operative system you're using for the Splunk server.

If Linux, you have to download an rpm or a tar, explode it and then run a command.

./splunk start --accept-license

You can find the installation procedure at https://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonLinux

You can also find some videos that describe this procedure https://www.splunk.com/en_us/resources/videos/installing-splunk-enterprise-on-linux.html

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Mile High Learning with Splunk University, Denver, Colorado

If Denver is known for its mile-high elevation, Splunk University is about to raise the bar on technical ...

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...