Step-by-Step Guide: Installing Splunk Enterprise on Linux | By Cybersecurity Specialist
In this comprehensive tutorial, we’ll walk through the process of installing Splunk Enterprise on Linux systems. Whether you’re a beginner or need a quick refresher, this video covers everything you need to know.
Install Oracle VirtualBox:
https://www.virtualbox.org/wiki/Downloads
Install Linux (CentOS 7 ISO):
http://isoredirect.centos.org/centos/7/isos/x86_64/
CentOS commands
uname -r
ip addr show
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
Create a file named /etc/sysconfig/network-scripts/ifcfg-eth0 as follows (the name after ifcfg- and the DEVICE line must match the interface that ip addr show reports, which is enp0s3 on the VirtualBox VM above):
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.200
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS1=8.8.8.8
DNS2=8.8.4.4
PREFIX=24
Restart network service: systemctl restart network
ping google.com
Install Splunk
cd /opt/
wget -O splunk-9.0.0-6818ac46f2ec-Linux-x86_64.tgz "https://download.splunk.com/products/splunk/releases/9.0.0/linux/splunk-9.0.0-6818ac46f2ec-Linux-x86_64.tgz"
tar -xvzf splunk-9.0.0-6818ac46f2ec-Linux-x86_64.tgz
/opt/splunk/bin/splunk start --accept-license
/opt/splunk/bin/splunk stop
useradd splunk
passwd splunk
chown -R splunk: /opt/splunk
vi /etc/sudoers   (prefer visudo: it validates the file before saving, and a syntax error in /etc/sudoers locks everyone out of sudo)
su splunk
/opt/splunk/bin/splunk start
master-splunk master-splunk.com
sudo /opt/splunk/bin/splunk enable boot-start
/opt/splunk/bin/splunk stop
vi /opt/splunk/etc/splunk-launch.conf
# Bind all splunkd listeners to this IP
SPLUNK_BINDIP=192.168.1.200
vi /opt/splunk/etc/system/local/web.conf
[settings]
mgmtHostPort = 192.168.1.200:8089
/opt/splunk/bin/splunk start
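The install, service-account, bind and boot-start steps above as one script. This is an added example, not code from the video: it verifies the tarball's SHA-512 before extracting it, creates the splunk account before first start so nothing under /opt/splunk is ever root-owned, writes the two bind settings, and enables boot-start with the daemon running as splunk. Assumptions: the digest is published beside the tarball at the download URL plus ".sha512", and the seeded admin password in user-seed.conf is a placeholder you replace.

```shell
#!/bin/sh
# Added example, not from the video. Assumptions: the SHA-512 digest lives at
# "$SPLUNK_URL.sha512", and the admin password seeded below is a placeholder.
set -eu

SPLUNK_VER="9.0.0"
SPLUNK_BUILD="6818ac46f2ec"
SPLUNK_TGZ="splunk-${SPLUNK_VER}-${SPLUNK_BUILD}-Linux-x86_64.tgz"
SPLUNK_URL="https://download.splunk.com/products/splunk/releases/${SPLUNK_VER}/linux/${SPLUNK_TGZ}"
SPLUNK_HOME="/opt/splunk"
SPLUNK_USER="splunk"
BIND_IP="192.168.1.200"

# Pull the 128-hex-digit digest out of a checksum file regardless of its layout
# ("SHA512(file)= hex", "hex  file", or a bare hex string).
extract_sha512() {
    grep -o '[0-9a-fA-F]\{128\}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# Exit status 0 when the file's SHA-512 equals the expected digest, 1 otherwise.
verify_sha512() {
    actual=$(sha512sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# The two config edits from the notes: SPLUNK_BINDIP in splunk-launch.conf and
# mgmtHostPort in web.conf, so every listener sits on the chosen IP.
write_bind_config() {
    home="$1"; ip="$2"
    grep -q '^SPLUNK_BINDIP=' "$home/etc/splunk-launch.conf" 2>/dev/null \
        || printf '# Bind all splunkd listeners to this IP\nSPLUNK_BINDIP=%s\n' "$ip" >> "$home/etc/splunk-launch.conf"
    mkdir -p "$home/etc/system/local"
    printf '[settings]\nmgmtHostPort = %s:8089\n' "$ip" > "$home/etc/system/local/web.conf"
}

install_splunk() {
    cd /opt
    wget -O "$SPLUNK_TGZ" "$SPLUNK_URL"
    wget -O "$SPLUNK_TGZ.sha512" "$SPLUNK_URL.sha512"   # assumed digest location
    if ! verify_sha512 "$SPLUNK_TGZ" "$(extract_sha512 "$SPLUNK_TGZ.sha512")"; then
        echo "SHA-512 mismatch for $SPLUNK_TGZ; refusing to extract" >&2
        exit 1
    fi
    tar -xzf "$SPLUNK_TGZ"

    # Unprivileged service account, created before first start so no file is ever root-owned.
    id "$SPLUNK_USER" >/dev/null 2>&1 || useradd -r -d "$SPLUNK_HOME" "$SPLUNK_USER"
    write_bind_config "$SPLUNK_HOME" "$BIND_IP"

    # Seed the admin credential so first start needs no interactive prompt (placeholder password).
    cat > "$SPLUNK_HOME/etc/system/local/user-seed.conf" <<'EOF'
[user_info]
USERNAME = admin
PASSWORD = ReplaceThisPlaceholderPassword
EOF
    chown -R "$SPLUNK_USER": "$SPLUNK_HOME"
    chmod 600 "$SPLUNK_HOME/etc/system/local/user-seed.conf"

    # First start as the splunk user, never as root; accept the licence non-interactively.
    su -s /bin/sh "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes --no-prompt"
    su -s /bin/sh "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk stop"
    # boot-start must be installed by root, but -user keeps the daemon running as splunk.
    "$SPLUNK_HOME/bin/splunk" enable boot-start -user "$SPLUNK_USER"
    su -s /bin/sh "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk start"
}

# Only run the install when explicitly asked, so the functions can be sourced or tested alone.
if [ "${1:-}" = "install" ]; then
    install_splunk
fi
```

Run it as root with `sh install-splunk.sh install`. Refusing to extract on a digest mismatch is the point of the checksum step: a tampered or truncated download never reaches /opt.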
yum install -y net-tools   (provides netstat on CentOS 7; install it before running the commands below)
netstat -an | grep 8000
sudo netstat -lpt | grep splunkd
netstat -tulnp | grep splunkd
sudo firewall-cmd --list-ports
sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports
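The netstat and firewall-cmd checks above, turned into a repeatable post-install test. This is an added example, not code from the video: it confirms that splunkd runs as the splunk user and not root, that every splunkd listener sits on the bound IP (loopback-only listeners are accepted), and that firewalld exposes only the ports you intended. The check functions read command output from stdin, so the constructed sample lines below exercise them offline; the "live" section feeds them real ps, netstat and firewall-cmd output. Port 8089 is the management port set in web.conf above; add it to ALLOWED_PORTS only if another Splunk instance must reach it from off-box.

```shell
#!/bin/sh
# Added example, not from the video. The sample lines are constructed for the
# offline demonstration; the live section reads the real commands.
set -eu

BIND_IP="192.168.1.200"
SPLUNK_USER="splunk"
ALLOWED_PORTS="8000/tcp"   # add 8089/tcp only if other Splunk instances need the management port

# Input: ps -eo user,pid,comm lines. Output: PIDs of splunkd processes not owned by $1.
splunkd_wrong_owner() {
    awk -v u="$1" '$3 == "splunkd" && $1 != u { print $2 }'
}

# Input: netstat -tulnp or ss -tulnp lines. Output: local address of every splunkd
# listener that is neither on $1 nor loopback-only. The first addr:port field on a
# line is the local side in both tools' output.
splunkd_unbound() {
    awk -v ip="$1" '/splunkd/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9.*:]+:[0-9]+$/) {
                if (index($i, ip ":") != 1 && index($i, "127.0.0.1:") != 1) print $i
                break
            }
    }'
}

# Input: firewall-cmd --list-ports output (space-separated port/proto tokens).
# Output: every open port that is not in the allow list $1.
unexpected_ports() {
    tr ' ' '\n' | grep -v '^$' | while read -r p; do
        case " $1 " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# $1 = label, $2 = findings; empty findings means the check passed.
report() {
    if [ -z "$2" ]; then
        echo "PASS: $1"
        return 0
    fi
    printf 'FAIL: %s\n%s\n' "$1" "$2"
    return 1
}

# Constructed samples: one splunkd started as root, one listener left on 0.0.0.0,
# one extra firewall port.
SAMPLE_PS='root 1 systemd
splunk 1200 splunkd
root 1250 splunkd
splunk 1300 mongod'

SAMPLE_NETSTAT='tcp 0 0 192.168.1.200:8000 0.0.0.0:* LISTEN 1200/splunkd
tcp 0 0 192.168.1.200:8089 0.0.0.0:* LISTEN 1200/splunkd
tcp 0 0 0.0.0.0:8065 0.0.0.0:* LISTEN 1250/splunkd
tcp 0 0 127.0.0.1:8191 0.0.0.0:* LISTEN 1300/mongod'

SAMPLE_PORTS='8000/tcp 9997/tcp'

if [ "${1:-}" = "live" ]; then
    rc=0
    report "splunkd runs as $SPLUNK_USER" "$(ps -eo user,pid,comm | splunkd_wrong_owner "$SPLUNK_USER")" || rc=1
    report "splunkd bound to $BIND_IP" "$(netstat -tulnp 2>/dev/null | splunkd_unbound "$BIND_IP")" || rc=1
    report "only $ALLOWED_PORTS open" "$(firewall-cmd --list-ports | unexpected_ports "$ALLOWED_PORTS")" || rc=1
    exit $rc
else
    # Offline demonstration on the constructed samples: each check reports FAIL once.
    report "splunkd runs as $SPLUNK_USER" "$(printf '%s\n' "$SAMPLE_PS" | splunkd_wrong_owner "$SPLUNK_USER")" || true
    report "splunkd bound to $BIND_IP" "$(printf '%s\n' "$SAMPLE_NETSTAT" | splunkd_unbound "$BIND_IP")" || true
    report "only $ALLOWED_PORTS open" "$(printf '%s\n' "$SAMPLE_PORTS" | unexpected_ports "$ALLOWED_PORTS")" || true
fi
```

Run `sudo sh splunk-check.sh live` on the VM after the firewall step; a non-zero exit means one of the three hardening goals above has drifted, which is worth re-running after every Splunk upgrade because upgrades can recreate files with root ownership if started as root.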