Setup and Configuration

We'll run through deploying Splunk, setting up SSL certs, and configuring roles.

SSO/SAML isn't available in the free edition.

Virtual Machine

Deploy a standard VM. We're using Ubuntu 24.04.

Sign in to your Splunk portal and grab the .deb package link

$ wget -O splunk-10.0.2-e2d18b4767e9-linux-amd64.deb "https://download.splunk.com/products/splunk/releases/10.0.2/linux/splunk-10.0.2-e2d18b4767e9-linux-amd64.deb"
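
By default `dpkg -i` does not verify a signature or checksum on the file it is given, so any integrity check on the download has to happen before the install step. The following is an added example (not from the original page or from Splunk) of that check. It assumes you have saved the SHA-512 value published for the download into a local file; the function names and the checksum file name are hypothetical.

```shell
#!/bin/sh
# Added example: compare a downloaded package with a published SHA-512 value
# before handing it to dpkg. Function names are hypothetical.

# extract_digest FILE
# Print the first 128-hex-digit value found in a checksum file, lowercased.
# Works for "HASH  name" (coreutils) and "SHA512(name)= HASH" (OpenSSL-style).
extract_digest() {
    grep -Eio '[0-9a-f]{128}' "$1" | head -n 1 | tr 'A-F' 'a-f'
}

# verify_pkg PACKAGE CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or unusable.
verify_pkg() {
    pkg=$1
    sumfile=$2
    if [ ! -r "$pkg" ] || [ ! -r "$sumfile" ]; then
        echo "cannot read $pkg or $sumfile" >&2
        return 2
    fi
    expected=$(extract_digest "$sumfile")
    if [ -z "$expected" ]; then
        # An empty or HTML error page saved as the checksum must not pass.
        echo "no SHA-512 value found in $sumfile" >&2
        return 2
    fi
    actual=$(sha512sum "$pkg" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $pkg matches published SHA-512"
        return 0
    fi
    echo "MISMATCH: $pkg does not match $sumfile, do not install" >&2
    return 1
}
```

Chain it with the install so dpkg only runs on a match, for example `verify_pkg splunk-10.0.2-e2d18b4767e9-linux-amd64.deb splunk.sha512 && sudo dpkg -i splunk-10.0.2-e2d18b4767e9-linux-amd64.deb`, where `splunk.sha512` is a placeholder name for the saved checksum file.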

Install the package

$ sudo dpkg -i splunk-10.0.2-e2d18b4767e9-linux-amd64.deb

Check it's installed

$ dpkg --status splunk
Package: splunk
Status: install ok installed
Maintainer: Splunk Inc. <[email protected]>
Architecture: amd64
Version: 10.0.2
Description: Splunk The platform for machine data.

Start it

$ cd /opt/splunk
$ sudo ./splunk start

Accept the general terms and conditions

Do you agree with this license? [y/n]: y

Wait for the self-signed certs to be generated

Warning: ignoring -extensions option without -extfile
Certificate request self-signature ok
subject=CN = splunk, O = SplunkUser
Done


Waiting for web server at http://127.0.0.1:8000 to be available........................................ Done


If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://splunk:8000
