Installation

Instructions for installing Splunk on an Ubuntu server: 12.04.1 LTS?

New Member

Anyone have instructions for installing Splunk on an Ubuntu server: 12.04.1 LTS?
All of the documentation I've found is seriously out of date.
On another note: Does anyone know if Splunk will run on Ubuntu Desktop? That may be an easier option.

Labels (1)
Tags (3)
0 Karma
1 Solution

Influencer

Hi,

The easiest method for installing Splunk on Linux, would be as follows (preferrably using sudo/su):

  • Download Splunk to the server, specifically the tarball version (.tgz) from http://www.splunk.com/download?r=header
  • Copy the Splunk archive to your directory of choice for install (typically '/opt')
  • Unwrap the tarball using a command such as tar xzvf <splunkfile>.tgz in the directory containing the file
  • Change into the newly created splunk directory, and then into the bin directory (e.g. cd /opt/splunk/bin)
  • Start Splunk, (e.g. ./splunk start)
  • Read the EULA and confirm
  • Let Splunk work it's magic, answering question where required
  • Job Done, Splunk should be accessible via http://yourSplunkServer:8000

Hope this helps.

View solution in original post

New Member

The only trick was getting the download onto the server. My solution of using FTP worked for me. Others may be able to get WGET to work, but I couldn't. The posts by MHibbin were very helpful.

0 Karma

New Member

I tried using wget, but didn't make any progress. I suspect it was waiting for me to login so I could download the file. I do not believe wget has script awareness, and as such doesn't do much good with the URL I tried.

0 Karma

New Member

OK I got it.
I downloaded the tarball to my PC, uploaded to my FTP server.
From UBUNTU server I downloaded tarball (binary!!) and was then able to complete the install.

I tried the wget process, but you must have some different apps installed than I do. (I'm very new to Ubuntu server, but fair with Ubuntu desktop).

Thanks for your patience.

0 Karma

Builder

Hi slowry,

Are you using wget from the command line in a terminal window? Wget does not have a graphical user interface. I think wget should be installed by default, but if it isn't, you can always do this:

sudo apt-get install wget

If you have the .deb or .tgz file downloaded locally, you don't have to go through an FTP server. Your Ubuntu server probably has sshd installed, so you can scp it from the command line:

scp <splunkfile> <your_user_name>@<your_server>:

If you do not have sshd insstalled, do this on your server:

sudo apt-get install openssh-server
0 Karma

Influencer

Included the link to downloads in my link, you just need to download the package from there that meets your need.. If you have wget on you server, once you have progressed to select a download, you will be given an option to use wget commands, which Splunk have kindly prepared for you... So you will need to copy and paste that command.

0 Karma

New Member

My Bad.
I have seen these documents, but they assume I've download to the server. Downloading to the server seems to be my obstacle. What URL do I use for the tarball or the debian package?

0 Karma

Influencer

Hi,

The easiest method for installing Splunk on Linux, would be as follows (preferrably using sudo/su):

  • Download Splunk to the server, specifically the tarball version (.tgz) from http://www.splunk.com/download?r=header
  • Copy the Splunk archive to your directory of choice for install (typically '/opt')
  • Unwrap the tarball using a command such as tar xzvf <splunkfile>.tgz in the directory containing the file
  • Change into the newly created splunk directory, and then into the bin directory (e.g. cd /opt/splunk/bin)
  • Start Splunk, (e.g. ./splunk start)
  • Read the EULA and confirm
  • Let Splunk work it's magic, answering question where required
  • Job Done, Splunk should be accessible via http://yourSplunkServer:8000

Hope this helps.

View solution in original post

Path Finder

Worked like a champ! Thank you @MHibbin

0 Karma

Influencer

@echalex's method is also good if you want to download the Debian package... I out of habit (perhaps bad... perhaps good) use the tgz files.

0 Karma

Builder

In what sense are the installation instructions out of date? The documentation for 5.0 seems to missing, but you can find the documentation for 4.3.4 right here.

It's as simple as a sudo dpkg -i splunk-4.3.4-136012-linux-2.6-amd64.deb.

Splunk will run quite nicely on Ubuntu Desktop, but it's neither harder nor easier to install.