So you want to use Splunk? Well, let’s start with the basics. In this hands-on lab, you are given the opportunity to install Splunk Enterprise on a CentOS 7 cloud server, manually create the administrator credentials, configure Splunk to start on boot, and explore the Splunk Enterprise web console.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- As the “root” user, install Splunk Enterprise using the RPM in the “root” user’s home directory
Become the
rootuser:sudo su -Install Splunk:
cd ~ rpm -i splunk-7.2.4.2.rpm- Manually create the administrator credentials without starting Splunk
Become the
rootuser:sudo su -The file
/opt/splunk/etc/system/local/user-seed.confshould contain the following:[user_info] USERNAME = admin PASSWORD = $p|unkEnt3rpr!$e- Configure Splunk to start on boot and accept the Splunk Enterprise license
Become the
rootuser:sudo su -Enable boot-start and accept the Splunk Enterprise license:
/opt/splunk/bin/splunk enable boot-start --accept-license- Start Splunk
Become the
rootuser:sudo su -Start Splunk:
/opt/splunk/bin/splunk start- Log in to and explore the Splunk Enterprise web console using your public IP address and the admin credentials created earlier
In your web browser, go to
http://your_public_ip_address:8000.Log in as the user
adminand password$p|unkEnt3rpr!$e.Explore the Splunk Enterprise web console.
