Splunk takes data that is spread far and wide across your organization's IT infrastructure and puts it all in one place. It lets you search through that data, create alerts that notify personnel when certain conditions are met, and generate reports that are not only easy on the eyes but specific to what you want to display, all from a web interface. Easy, right?
Also, make sure the system you install on already has its basic configuration and hardening completed: for example, a static IP address, current updates/patches, correct time synchronization, and sudo privileges.
Installing Splunk on an Ubuntu Server (14.04+)
For this demonstration, we will install Splunk using an installer package downloaded from the internet. Since there is no desktop environment on our Ubuntu server instance, we will use the CLI to accomplish this.
To prepare for downloading the installer, switch to your home directory:
cd /home/[user] or cd ~
Why extract the archive to the /opt directory?
Change directories to /opt and list its contents:
You should see the splunk directory that was extracted from the archive file.
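The tutorial assumes the archive you downloaded is the one Splunk published. The following POSIX shell function, an added example that is not part of the original tutorial, checks the tarball's SHA-256 against the value published for that build, refuses archives whose members use absolute or parent-directory paths, and only then extracts it and confirms that the expected /opt/splunk/bin layout appeared. The file name and EXPECTED_SHA256 in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: verify the downloaded
# Splunk tarball before extracting it into /opt.
# EXPECTED_SHA256 is a placeholder; take the real value from the Splunk
# download page for the exact file you fetched.

# verify_and_extract TARBALL EXPECTED_SHA256 DEST_DIR
# Returns 0 only if the hash matches, no archive member uses an absolute
# path or "..", and DEST_DIR/splunk/bin exists after extraction.
verify_and_extract() {
    tarball="$1"; expected="$2"; dest="$3"

    [ -f "$tarball" ] || { echo "no such file: $tarball" >&2; return 1; }
    [ -d "$dest" ]    || { echo "no such directory: $dest" >&2; return 1; }

    actual=$(sha256sum "$tarball" | cut -d ' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Refuse archives whose members could land outside DEST_DIR.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains absolute or parent-directory paths" >&2
        return 1
    fi

    tar -xzf "$tarball" -C "$dest" || return 1

    # The tutorial's next step expects DEST_DIR/splunk/bin to exist.
    [ -d "$dest/splunk/bin" ] || { echo "unexpected layout in $dest" >&2; return 1; }
    echo "extracted $tarball into $dest/splunk"
}

# On the real server (file name and hash are placeholders):
# verify_and_extract ~/splunk-<version>-Linux-x86_64.tgz <EXPECTED_SHA256> /opt
```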
From the /opt directory, change directories to splunk/bin.
This output gives you the socket address (host and port) at which to reach your Splunk web interface.
Once the portal loads, you can log in with the default username admin and password changeme. Change this default password as soon as you are logged in.
You will then be presented with the dashboard, as seen below: