How to install Splunk on CentOS 7

To install Splunk on CentOS 7

Splunk is a platform for indexing and searching machine data from applications, web servers, databases, operating systems, network devices and cloud services. It collects and parses the data as it arrives, then lets you search, correlate and report on it, which is why it is a common choice for log management and SIEM-style monitoring. The Linux package used here is the 64-bit (x86_64) build, so confirm the target system is 64-bit before you begin. This tutorial walks through installing Splunk Enterprise 6.6.3 from the tarball on CentOS 7.

Installation procedure

Download the Splunk Enterprise package for Linux (the .tgz tarball) from the official site, https://www.splunk.com/en_us/download/splunk-enterprise.html. You need a Splunk account before you can download. Note the checksum published alongside the download so you can verify the tarball before unpacking it.

Create a dedicated, unprivileged user and group for Splunk so that splunkd does not run as root. The user's home directory is set to /opt/splunk, which will also be Splunk's installation directory ($SPLUNK_HOME):

[root@linuxhelp1 ~]# groupadd splunk
[root@linuxhelp1 ~]# useradd -d /opt/splunk -m -g splunk splunk

Confirm that the OS is 64-bit. The kernel release string printed by uname -r ends in .x86_64 on a 64-bit CentOS 7 system; uname -m prints just the machine architecture (x86_64) and is the more direct check.

[root@linuxhelp1 ~]# uname -r
3.10.0-514.26.2.el7.x86_64

Extract the downloaded tarball (a .tgz, i.e. a gzip-compressed tar archive, not a zip file) with tar:

[root@linuxhelp1 ~]# tar -xzvf splunk-6.6.3-e21ee54bc796-Linux-x86_64.tgz
splunk/
splunk/etc/
splunk/etc/deployment-apps/
splunk/etc/deployment-apps/README
splunk/etc/apps/
splunk/etc/apps/gettingstarted/
splunk/etc/apps/gettingstarted/locale/
splunk/etc/apps/gettingstarted/locale/ko_KR/
splunk/etc/apps/gettingstarted/locale/ko_KR/LC_MESSAGES/
splunk/etc/apps/gettingstarted/locale/ko_KR/LC_MESSAGES/messages.po
splunk/etc/apps/gettingstarted/locale/ko_KR/LC_MESSAGES/messages.mo
splunk/etc/apps/gettingstarted/locale/messages.pot
splunk/etc/apps/gettingstarted/locale/zh_CN/
splunk/etc/apps/gettingstarted/locale/zh_CN/LC_MESSAGES/
splunk/etc/apps/gettingstarted/locale/zh_CN/LC_MESSAGES/messages.po
splunk/etc/apps/gettingstarted/locale/zh_CN/LC_MESSAGES/messages.mo
splunk/etc/apps/gettingstarted/locale/ja-JP/
splunk/etc/apps/gettingstarted/locale/ja-JP/LC_MESSAGES/
.
.
.
splunk/share/splunk/search_mrsparkle/exposed/build/jscharting/index.js
splunk/share/splunk/search_mrsparkle/exposed/robots.txt
splunk/share/splunk/search_mrsparkle/exposed/fallback/
splunk/share/splunk/search_mrsparkle/exposed/fallback/dashboard.js
splunk/share/splunk/search_mrsparkle/exposed/fallback/dashboard.css
splunk/share/splunk/search_mrsparkle/exposed/xml/
splunk/share/splunk/search_mrsparkle/exposed/xml/print.xml
splunk/share/copyright.txt

The archive unpacks into a splunk/ directory in the current working directory. Copy its contents into /opt/splunk, the home directory created for the splunk user in the earlier step (the -p flag preserves permissions and timestamps):

[root@linuxhelp1 ~]# cp -rp splunk/* /opt/splunk/

Give the splunk user ownership of the whole tree, so that the service never needs root to write its own configuration, indexes and logs:

[root@linuxhelp1 ~]# chown -R splunk: /opt/splunk/

Switch to the splunk user, list the home directory to confirm the copy, and change into bin, where the splunk command-line tool lives:

[root@linuxhelp1 ~]# su - splunk
[splunk@linuxhelp1 ~]$ ls
bin  copyright.txt  etc  ftr  include  lib  license-eula.txt  openssl  README-splunk.txt  share  splunk-6.6.3-e21ee54bc796-linux-2.6-x86_64-manifest
[splunk@linuxhelp1 ~]$ cd bin
[splunk@linuxhelp1 bin]$ ls
bloom      coldToFrozenExample.py  genSignedServerCert.py  jsmin      parsetest             recover-metadata                setSplunkEnv  splunk-optimize      tsidx_scan.py
bottle.py  copyright.txt           genSignedServerCert.sh  locktest   parse_xml_buckets.py  rest_handler.py                 signtool      splunk-optimize-lex  untarit.py
btool      dbmanipulator.py        genWebCert.py           locktool   pcregextest           runScript.py                    slim          srm                  walklex
btprobe    exporttool              genWebCert.sh           mongod     pid_check.sh          safe_restart_cluster_master.py  splunk        tarit.py
bzip2      fill_summary_index.py   importtool              mongod_cc  python                scripts                         splunkd       tocsv.py
cherryd    genAuditKeys.py         installit.py            node       python2               scrubber.py                     splunkdj      tsidxprobe
classify   genRootCA.sh            jars                    openssl    python2.7             searchtest                      splunkmon     tsidxprobe_plo

From the bin directory, start Splunk for the first time as the splunk user. --accept-license accepts the EULA non-interactively; on first start Splunk also generates its self-signed TLS certificates and keys (the RSA key generation in the output below), creates its data directories under /opt/splunk/var and checks that its default ports (8000 for Splunk Web, 8089 for management, 8191 for the KV store) are free:

[splunk@linuxhelp1 bin]$ ./splunk start --accept-license
This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
..........+++
.....................+++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 2048 bit long modulus
...................................................................+++
...................+++
e is 65537 (0x10001)
writing RSA key
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.

Splunk>  See your world.  Maybe wish you hadn't.
Checking prerequisites...
Checking http port [8000]: open
Checking mgmt port [8089]: open
Checking appserver port [127.0.0.1:8065]: open
Checking kvstore port [8191]: open
Checking configuration...  Done.
Creating: /opt/splunk/var/lib/splunk
Creating: /opt/splunk/var/run/splunk
.
.
.
Signature ok
subject=/CN=linuxhelp1/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
 [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available........... Done

If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

Splunk is now installed and running. Open http://127.0.0.1:8000 in a browser on the server itself (from another host use the server's IP address, and open TCP port 8000 in firewalld first). The Splunk login page appears.

For security, change the default administrator password immediately (this release ships with the default credentials admin / changeme). Note also that Splunk Web listens on plain HTTP by default; for anything beyond a local test, enable HTTPS (enableSplunkWebSSL = true in web.conf) and restrict who can reach ports 8000 and 8089, since the management port exposes the REST API with the same credentials as the web UI.

After logging in you land on the Splunk home dashboard.

This completes the installation of Splunk on CentOS 7.
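The whole procedure above, collected into one script as an added example (this is not Splunk's installer, nor a script from the original page). It adds the checks a practitioner would want: it refuses to run on a non-x86_64 system, verifies the tarball's SHA-512 against the value published beside the download before unpacking it, extracts straight into /opt (the archive's top-level directory is splunk/, so the separate cp step is unnecessary), turns on HTTPS for Splunk Web before the first start, and registers a boot-start entry so splunkd comes back after a reboot. The environment variables SPLUNK_TGZ, SPLUNK_SHA512 and SPLUNK_DO_INSTALL are assumptions of this script, not Splunk settings; the helper functions can be exercised on any host, while the real install only runs when SPLUNK_DO_INSTALL=1.

```shell
#!/bin/sh
# Added example: unattended Splunk Enterprise 6.6.x install on CentOS 7 with
# the checks this tutorial performs by hand. Not Splunk's own installer.
# Assumptions (not from the page): SPLUNK_TGZ, SPLUNK_SHA512 and
# SPLUNK_DO_INSTALL are supplied by the caller.
set -eu

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Return 0 only when the given uname string says 64-bit x86, which is what
# the Linux-x86_64 tarball needs. Works for both `uname -m` (x86_64) and the
# tutorial's `uname -r` output (3.10.0-...el7.x86_64).
is_x86_64() {
    case "$1" in
        *x86_64*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Compare a file's SHA-512 against the hash published beside the download.
# Prints "ok" or "mismatch" so callers can check the result as a value.
checksum_status() {
    file="$1"
    expected="$2"
    actual="$(sha512sum "$file" | awk '{print $1}')"
    if [ "$actual" = "$expected" ]; then
        echo ok
    else
        echo mismatch
    fi
}

# Render the web.conf stanza that serves Splunk Web over HTTPS instead of the
# default plain HTTP. Optional argument: the port (default 8000). Output only;
# the caller writes it to $SPLUNK_HOME/etc/system/local/web.conf.
render_web_conf() {
    printf '[settings]\nenableSplunkWebSSL = true\nhttpport = %s\n' "${1:-8000}"
}

# Perform the install. Must run as root; Splunk itself runs as "splunk".
install_splunk() {
    tgz="$1"
    expected_sha="$2"

    is_x86_64 "$(uname -m)" || { echo "this package needs an x86_64 host" >&2; return 1; }
    [ "$(checksum_status "$tgz" "$expected_sha")" = ok ] \
        || { echo "checksum mismatch for $tgz, refusing to install" >&2; return 1; }

    # Unprivileged service account, home = $SPLUNK_HOME (idempotent).
    getent group splunk >/dev/null || groupadd splunk
    id splunk >/dev/null 2>&1 || useradd -d "$SPLUNK_HOME" -m -g splunk splunk

    # The tarball's top-level directory is splunk/, so extracting into /opt
    # lands everything in /opt/splunk without a separate cp step.
    tar -xzf "$tgz" -C "$(dirname "$SPLUNK_HOME")"

    # Enable HTTPS for Splunk Web before the first start.
    mkdir -p "$SPLUNK_HOME/etc/system/local"
    render_web_conf > "$SPLUNK_HOME/etc/system/local/web.conf"

    chown -R splunk: "$SPLUNK_HOME"

    # First start as the service user: accepts the EULA, answers the remaining
    # prompts, generates the self-signed certificates and creates var/.
    su - splunk -c "$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes --no-prompt"

    # Register an init/systemd entry so splunkd starts on boot as "splunk".
    "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk
}

# Only touch the system when explicitly asked, so the functions above can be
# sourced or tested safely on any machine.
if [ "${SPLUNK_DO_INSTALL:-0}" = 1 ]; then
    install_splunk "$SPLUNK_TGZ" "$SPLUNK_SHA512"
fi
```

Run it as root, for example: SPLUNK_DO_INSTALL=1 SPLUNK_TGZ=splunk-6.6.3-e21ee54bc796-Linux-x86_64.tgz SPLUNK_SHA512=<hash from the download page> sh install-splunk.sh. Immediately after the first start, replace the default admin password (for this release: /opt/splunk/bin/splunk edit user admin -password 'NewPassword' -auth admin:changeme) and open only the ports you actually need in firewalld; port 8089 in particular should not be reachable from untrusted networks.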

Comment
jb0999
Dec 18 2017
Stunning, worked just as you say. I did, however, use the wget CLI commands on the Splunk page instead of downloading via the GUI. Many thanks for your page. JB
FAQ
Q
How to clear splunk search history?
A
Delete the following file on the Splunk server:
$SPLUNK_HOME/var/log/splunk/searches.log
Q
What is difference between splunk app and splunk add on?
A
Basically both contain preconfigured settings, knowledge objects and reports, but an add-on has no visual component (no navigable UI of its own), whereas a Splunk app ships with its own views and dashboards.
Q
How to disable Splunk launch message?
A
Set OFFENSIVE=Less in $SPLUNK_HOME/etc/splunk-launch.conf and restart Splunk.
Q
where to download the splunk package for centos?
A
Download the Splunk Enterprise package for Linux (the .tgz tarball used in this tutorial works on CentOS) from:
https://www.splunk.com/en_us/download/splunk-enterprise.html
Q
what is the use of installing splunk in centos?
A
Splunk collects and indexes machine data (application, web server, database, operating system and network logs) so it can be searched, correlated and reported on from one place, which is what makes it useful for monitoring, troubleshooting and security analytics. The Linux package used here is the 64-bit build, so the target CentOS system must be x86_64.