How To Install and Configure Splunk on RHEL 7 in AWS
Table of Contents
Overview
Applies To
Pre-Requisites
Installation and Configuration procedure
Check Package
Download Package
Install Package
Verify Installation
Firewall Configuration
Firewall Configuration – Open TCP Port
Firewall Configuration – Reload
Firewall Configuration – List
Splunk – Configuration File
Default Configuration File – Snippet
Start First Time
Switch to Splunk User
Start Splunk
Accept License
Web Interface URL
Launch Portal
New Password
Dashboard
Overview
Splunk Enterprise is a software platform to search, analyze, and visualize the machine-generated data
gathered from the websites, applications, sensors, devices, and so on, that comprise your IT
infrastructure or business.
After you define the data source, Splunk Enterprise indexes the data stream and parses it into a series of
individual events that you can view and search.
You can use the search processing language or the interactive pivot feature to create reports and
visualizations.
Splunk is available in several editions. This guide demonstrates how to download, install and configure
the free edition.
Applies To
Tested on RHEL 7.
Pre-Requisites
64-bit OS; Splunk 6.3.1 runs only on kernel versions 2.6 and 3.0. 32-bit versions have been deprecated.
Installation and Configuration procedure
First, we will check whether the package is already installed; if it is not, we will install it.
Check Package
To check whether the package is already installed, run the command:
rpm -qa | grep splunk
Download Package
After registering on the Splunk website, click the link to download the package. To download it from the
CLI instead, run the command:
wget http://download.splunk.com/products/splunk/releases/6.3.1/splunk/linux/splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
Note: We are downloading the “Free Splunk” edition.
Install Package
After downloading the package, change the package permissions and install the package by running the
commands below.
Note: The user and group IDs for splunk will be created automatically.
chmod 744 splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
rpm -i --prefix=/opt splunk-6.3.1-f3e41e4b37b2-linux-2.6-x86_64.rpm
Verify Installation
After installing the Splunk package, verify that it is installed. To check the package installation status,
run the command:
rpm -qa | grep splunk
Firewall Configuration
The Splunk web interface listens on TCP port “8000”, and this port must be open before the management
portal can be reached. On AWS these steps are not required. For demonstration purposes we
will configure it.
Firewall Configuration – Open TCP Port
After installing and checking the default configuration, the next step is to open the firewall port.
Splunk runs on TCP port 8000.
firewall-cmd --permanent --add-port=8000/tcp
Firewall Configuration – Reload
Reload the firewall configuration.
firewall-cmd --reload
Firewall Configuration – List
After reloading the firewall daemon, list the current rule set.
firewall-cmd --list-all
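The --add-port rule above accepts connections to 8000/tcp from any source address. As an added example (not part of the original guide), the script below classifies how a port appears in the output of firewall-cmd --list-all; classify_port is a hypothetical helper name, and the sample listings and the 203.0.113.0/24 management range are constructed.

```shell
#!/bin/sh
# Added example: classify how a port is exposed in `firewall-cmd --list-all` output.
# Source-restricted alternative to the blanket --add-port rule
# (203.0.113.0/24 is a placeholder for your management network):
#   firewall-cmd --permanent --remove-port=8000/tcp
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.0/24" port port="8000" protocol="tcp" accept'
#   firewall-cmd --reload

# classify_port <listing-text> <port/proto>
# Prints open-to-any, source-restricted or closed.
# On a live host: classify_port "$(firewall-cmd --list-all)" 8000/tcp
classify_port() {
    printf '%s\n' "$1" | awk -v spec="$2" '
        BEGIN {
            split(spec, p, "/")
            want_port  = "port=\"" p[1] "\""
            want_proto = "protocol=\"" p[2] "\""
        }
        # The "ports:" line lists ports accepted from every source in the zone.
        $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == spec) any = 1 }
        # A rich rule may accept the port with or without a source filter.
        $1 == "rule" && index($0, want_port) && index($0, want_proto) && / accept/ {
            if ($0 ~ /source address="/) limited = 1; else any = 1
        }
        END { print (any ? "open-to-any" : (limited ? "source-restricted" : "closed")) }'
}

# Constructed sample: listing after the --add-port command from this guide.
SAMPLE_OPEN='public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 8000/tcp
  masquerade: no
  rich rules:'

# Constructed sample: listing after switching to the rich rule shown above.
SAMPLE_LIMITED='public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  rich rules:
    rule family="ipv4" source address="203.0.113.0/24" port port="8000" protocol="tcp" accept'

echo "after --add-port: $(classify_port "$SAMPLE_OPEN" 8000/tcp)"
echo "after rich rule:  $(classify_port "$SAMPLE_LIMITED" 8000/tcp)"
```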
Splunk – Configuration File
To view the default configuration file without blank lines and comments, run the command:
grep -v "^$" /opt/splunk/etc/splunk-launch.conf | grep -v '^ *#'
Default Configuration File – Snippet
SPLUNK_HOME=/opt/splunk
SPLUNK_SERVER_NAME=Splunkd
SPLUNK_WEB_NAME=splunkweb
Start First Time
Switch to Splunk User
The Splunk application is installed with the splunk user and group IDs, hence we need to switch to the user “splunk” to
start the application. When starting the application for the first time, you need to accept the license agreement.
sudo su - splunk
Start Splunk
cd /opt/splunk/bin
./splunk start
Alternatively, you can accept the license from the start command itself by running the command below
from the same directory:
./splunk start --answer-yes --no-prompt --accept-license
Accept License
Accept the license agreement to continue with the RSA Key generation.
Web Interface URL
After the Splunk application is configured, the web interface is set up and bound to the hostname on port 8000.
Launch Portal
Launch the portal from the browser.
http://servername:8000/
After installing, you can launch the admin portal from the browser. The admin password has to be changed
when you launch it for the first time. Enter the default user “admin” and default password “changeme”
and click on the “Sign in” button.
New Password
After signing in, you will have to set a new password for the admin user, confirm it,
and click on the “Save Password” button to launch the default page.
Dashboard
After setting the new password, you will be redirected to the default dashboard.