Installation
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Elasticsearch -> Splunk : Getting started?

lrodrigues99
New Member
‎11-22-2021 07:37 AM

Good morning. I support a application development effort which is transitioning from Elasticsearch to Splunk. 

I would like to setup a POC test instance/cluster of splunk on our dev network.

With elastic, I would dimply download an RPM ang get started.

With splunk, it is unclear to me how to get started (reading docs), regarding licensing and which files I can download.

Apologies for the low level questions, but where can I get started?  Which file can I download to start install an instance, and hopefully created a small (3/4 node) cluster for POC?

Thanks,

Larry

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-22-2021 08:15 AM

I recommend starting with a single standalone instance of Splunk before venturing into clustering.  Walk before you run.

As for which file to download, you will need to start with Splunk Enterprise so go to https://www.splunk.com/en_us/download/splunk-enterprise.html and download the RPM. Don't worry about licensing as it comes with a built-in 60-day license.

Depending on where your data resides, you may also need to download and installed one or more Universal Forwarders from https://www.splunk.com/en_us/download/universal-forwarder.html and configure it to send data to the Splunk Enterprise instance.  See https://docs.splunk.com/Documentation/Forwarder/8.2.3/Forwarder/Abouttheuniversalforwarder for how to do that.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-22-2021 08:09 AM

Hi @lrodrigues99,

with Splunk you can download a free instance (max 500 MB/day) and use it for 60 days with full features, and then with a subset of features.

If for your PoC you need more volume of logs, you can ask to Splunk a trial version for a more limited time period (usually 2 weeks).

To download a free installation you need only an account on splunk.com.

Installation depends on the Operative system you're using for the Splunk server.

If Linux, you have to download an rpm or a tar, explode it and then run a command.

./splunk start --accept-license

You can find the installation procedure at https://docs.splunk.com/Documentation/Splunk/latest/Installation/InstallonLinux

You can also find some videos that describe this procedure https://www.splunk.com/en_us/resources/videos/installing-splunk-enterprise-on-linux.html

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top