How to Install & Configure Splunk Monitoring Tool on Ubuntu

Splunk is a powerful log analysis tool used for searching, monitoring, and analyzing machine-generated big data from a web browser. It helps you simplify log data from servers and networking devices into a simple format that you can easily read and digest. It supports all major operating systems including Windows, Linux, and Mac OS. It is easily scalable, fully integrated, and supports both local and remote data sources.

Installation

  • Update the system.

    apt-get update -y

  • Download the Splunk package.

    wget https://download.splunk.com/products/splunk/releases/8.0.5/linux/splunk-8.0.5-a1a6394cc5ae-linux-2.6-amd64.deb

Fig. 1

  • Once the download completes, install the package with the following command:

    dpkg -i splunk-8.0.5-a1a6394cc5ae-linux-2.6-amd64.deb

Fig. 2

  • Enable the Splunk service at system boot.

    /opt/splunk/bin/splunk enable boot-start

  • Press Enter & accept the license agreement as shown below:

Fig. 3

  • Type y and press Enter.
  • Provide the Splunk username.

Fig. 5

  • Then provide the password.

Fig. 6

  • Start the Splunk service.

    service splunk start

  • Now access the Splunk web interface: open a web browser and go to http://your-server-ip:8000
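The installation steps above, gathered into one non-interactive script. This is an added example and not part of the original article: it checks the package's SHA-512 digest before dpkg installs it, seeds the admin credentials from user-seed.conf instead of answering the prompts, and registers boot-start under a dedicated splunk user rather than root. The ".sha512" file published next to the download, the "digest  filename" layout of that file, and the splunk system user are assumptions of this script.

```shell
#!/bin/sh
# Added example (not from the original article): unattended Splunk Enterprise
# install on Ubuntu that verifies the package before dpkg runs it, seeds the
# admin credentials from a file instead of an interactive prompt, and registers
# the boot-start service as a dedicated non-root user.
# Assumptions: the .deb URL from the article, a ".sha512" file published next
# to it (assumed naming and layout), and a "splunk" system user created here.

SPLUNK_DEB="splunk-8.0.5-a1a6394cc5ae-linux-2.6-amd64.deb"
SPLUNK_URL="https://download.splunk.com/products/splunk/releases/8.0.5/linux/${SPLUNK_DEB}"
SPLUNK_HOME="/opt/splunk"

# verify_deb_checksum DEB SHA512FILE
# The checksum file is assumed to hold "<hex digest>  <filename>"; only the
# digest field is compared so the published path does not matter.
verify_deb_checksum() {
    deb="$1"; sumfile="$2"
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile" 2>/dev/null)
    actual=$(sha512sum "$deb" | awk '{print tolower($1)}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# write_user_seed SPLUNK_HOME USERNAME PASSWORD
# user-seed.conf is read once on first start to create the admin account and
# is removed afterwards; it holds the plaintext password, hence mode 0600.
write_user_seed() {
    home="$1"; user="$2"; pass="$3"
    [ ${#pass} -ge 8 ] || { echo "password must be at least 8 characters" >&2; return 1; }
    mkdir -p "$home/etc/system/local"
    (
        umask 077
        cat > "$home/etc/system/local/user-seed.conf" <<EOF
[user_info]
USERNAME = $user
PASSWORD = $pass
EOF
    )
}

# install_splunk: the article's steps, without the interactive prompts.
install_splunk() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    apt-get update -y
    wget -q "$SPLUNK_URL" "$SPLUNK_URL.sha512"
    verify_deb_checksum "$SPLUNK_DEB" "$SPLUNK_DEB.sha512" \
        || { echo "checksum mismatch, refusing to install" >&2; return 1; }
    dpkg -i "$SPLUNK_DEB"
    id splunk >/dev/null 2>&1 || useradd -r -d "$SPLUNK_HOME" -s /usr/sbin/nologin splunk
    write_user_seed "$SPLUNK_HOME" admin "$SPLUNK_ADMIN_PASSWORD" || return 1
    chown -R splunk:splunk "$SPLUNK_HOME"
    # --accept-license/--answer-yes/--no-prompt replace the Enter and y prompts;
    # -user splunk makes the service run unprivileged instead of as root.
    "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk \
        --accept-license --answer-yes --no-prompt
    service splunk start
}

# Only touch the system when explicitly asked, so the functions above can be
# sourced and exercised without installing anything.
if [ "${SPLUNK_INSTALL:-0}" = "1" ]; then
    : "${SPLUNK_ADMIN_PASSWORD:?set SPLUNK_ADMIN_PASSWORD before running}"
    install_splunk
fi
```

Run it as root with `SPLUNK_INSTALL=1 SPLUNK_ADMIN_PASSWORD='...' sh install-splunk.sh`. Refusing to install on a digest mismatch and keeping splunkd off the root account are the two points the interactive walkthrough leaves to the operator.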

Fig. 7

  • Click on Add Data.

Fig. 8

  • Click on Monitor.

Fig. 9

  • Click on Files & Directories.
  • Click on Next.

Fig. 10

  • Click on Browse and set the target folder.
  • Click on Next.

Fig. 11

  • Select the target folder.

Fig. 12

  • Save the source type.
  • Click on Next.

Fig. 18

  • Check the host field value.
  • Click on Review.

Fig. 14

  • Review the configuration.
  • Click on Submit.

Fig. 15

  • Click on Start Searching.

Fig. 16

  • We can now search the logs and set alerts on them.
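What the Add Data wizard actually writes, as an added example that is not part of the original article: the Browse, source type, host and review pages end up as a [monitor://...] stanza in inputs.conf, and an alert on the resulting search is a scheduled search in savedsearches.conf. The script below renders both from the shell so the configuration can be reviewed and kept in version control instead of clicked through. The target file /var/log/auth.log, the linux_secure sourcetype, the splunk user's adm group membership, the search app's local directory and the alert threshold are assumed sample values.

```shell
#!/bin/sh
# Added example, not from the original article: the configuration behind the
# "Add Data > Monitor > Files & Directories" wizard and the alert editor,
# produced from the command line so it can be reviewed before it is applied.
# Assumptions: Splunk under /opt/splunk, configuration written into the search
# app's local directory (where the wizard puts it by default), /var/log/auth.log
# with sourcetype linux_secure as the sample target, and illustrative thresholds.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
APP_LOCAL="$SPLUNK_HOME/etc/apps/search/local"

# render_monitor_stanza PATH SOURCETYPE INDEX HOST
# Same result as the wizard's Browse / Source type / Host / Review pages, or as
#   $SPLUNK_HOME/bin/splunk add monitor PATH -sourcetype SOURCETYPE -index INDEX
render_monitor_stanza() {
    path="$1"; sourcetype="$2"; index="$3"; host="$4"
    case "$path" in
        /*) ;;
        *)  echo "monitor path must be absolute: $path" >&2; return 1 ;;
    esac
    printf '[monitor://%s]\ndisabled = false\nsourcetype = %s\nindex = %s\nhost = %s\n' \
        "$path" "$sourcetype" "$index" "$host"
}

# render_alert_stanza NAME SPL THRESHOLD
# A scheduled search that fires when more than THRESHOLD events match in the
# last five minutes: the equivalent of "Save As > Alert" in the search UI.
render_alert_stanza() {
    name="$1"; spl="$2"; threshold="$3"
    case "$threshold" in
        ''|*[!0-9]*) echo "threshold must be a non-negative integer" >&2; return 1 ;;
    esac
    printf '[%s]\nsearch = %s\ncron_schedule = */5 * * * *\n' "$name" "$spl"
    printf 'dispatch.earliest_time = -5m\ndispatch.latest_time = now\nenableSched = 1\n'
    printf 'alert_type = number of events\nalert_comparator = greater than\n'
    printf 'alert_threshold = %s\nalert.track = 1\n' "$threshold"
}

# write_stanza FILE STANZA: append a stanza, creating the directory if needed.
write_stanza() {
    file="$1"; stanza="$2"
    mkdir -p "$(dirname "$file")"
    printf '%s\n\n' "$stanza" >> "$file"
}

# Run with SPLUNK_CONFIGURE=1 (as root) to write both stanzas and restart Splunk.
if [ "${SPLUNK_CONFIGURE:-0}" = "1" ]; then
    write_stanza "$APP_LOCAL/inputs.conf" \
        "$(render_monitor_stanza /var/log/auth.log linux_secure main "$(hostname)")"
    write_stanza "$APP_LOCAL/savedsearches.conf" \
        "$(render_alert_stanza 'Repeated SSH login failures' \
            'index=main sourcetype=linux_secure "Failed password" | stats count by src' 5)"
    # If splunkd runs as the splunk user it cannot read root-only logs;
    # on Ubuntu auth.log is root:adm 0640, so grant the adm group.
    id splunk >/dev/null 2>&1 && usermod -a -G adm splunk
    chown -R splunk:splunk "$APP_LOCAL" 2>/dev/null || true
    service splunk restart
fi
```

Once the input is live, "Start Searching" in the UI corresponds to the same index=main sourcetype=linux_secure query the alert stanza runs every five minutes; keeping the stanza in a file makes the threshold and schedule reviewable rather than buried in a dialog.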

Fig. 17
