Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Elasticsearch -> Splunk : Getting started?

lrodrigues99
New Member
‎11-22-2021 07:37 AM

Good morning. I support a application development effort which is transitioning from Elasticsearch to Splunk. 

I would like to setup a POC test instance/cluster of splunk on our dev network.

With elastic, I would dimply download an RPM ang get started.

With splunk, it is unclear to me how to get started (reading docs), regarding licensing and which files I can download.

Apologies for the low level questions, but where can I get started?  Which file can I download to start install an instance, and hopefully created a small (3/4 node) cluster for POC?

Thanks,

Larry

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-22-2021 08:15 AM

I recommend starting with a single standalone instance of Splunk before venturing into clustering.  Walk before you run.

As for which file to download, you will need to start with Splunk Enterprise so go to https://www.splunk.com/en_us/download/splunk-enterprise.html and download the RPM. Don't worry about licensing as it comes with a built-in 60-day license.

Depending on where your data resides, you may also need to download and installed one or more Universal Forwarders from https://www.splunk.com/en_us/download/universal-forwarder.html and configure it to send data to the Splunk Enterprise instance.  See https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/Abouttheuniversalforwarder for how to do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-22-2021 08:09 AM

Hi @lrodrigues99,

with Splunk you can download a free instance (max 500 MB/day) and use it for 60 days with full features, and then with a subset of features.

If for your PoC you need more volume of logs, you can ask to Splunk a trial version for a more limited time period (usually 2 weeks).

To download a free installation you need only an account on splunk.com.

Installation depends on the Operative system you're using for the Splunk server.

If Linux, you have to download an rpm or a tar, explode it and then run a command.

./splunk start --accept-license

You can find the installation procedure at https://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonLinux

You can also find some videos that describe this procedure https://www.splunk.com/en_us/resources/videos/installing-splunk-enterprise-on-linux.html

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...