How To Install Splunk on Ubuntu 22.04 LTS

In this tutorial, we will show you how to install Splunk on Ubuntu 22.04 LTS. For those who don’t know, Splunk processes data to make it useful to the user without modifying the original data. It is one of the most powerful tools for analyzing, exploring, and searching data. It reads most output formats from virtual machines, network devices, firewalls, and Unix-based and Windows-based devices.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Splunk on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as root.

Install Splunk on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2

Step 2. Installing Splunk on Ubuntu 22.04.

By default, Splunk is not available in the Ubuntu 22.04 base repository. Go to the official Splunk website and click the Free Splunk button in the top right corner of your screen. After that, you have to create an account in order to download the installer. Make sure you select Software Download instead of Cloud Trial.

Once the download is completed, run the following command to install the .deb package:

sudo dpkg -i splunk-9.0.1-77015bc7a462-linux-2.6-amd64.deb

After that, let’s run the script that will not only enable the Splunk service at boot but also let us set up login details:

sudo /opt/splunk/bin/splunk enable boot-start

Finally, we can start the Splunk service with the command below:

sudo systemctl start splunk

Step 3. Configure Firewall.

Now we set up Uncomplicated Firewall (UFW) to allow public access to Splunk Web on its default port, 8000:

sudo ufw allow 8000
sudo ufw enable
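
An allow rule with no source opens the port to every address, and running ufw enable from an SSH session without an SSH rule can end that session. The added example below (not part of the original tutorial) prints a rule set that limits Splunk Web to named admin networks and allows SSH first; the function names, the sample networks and the use of the OpenSSH application profile are assumptions.

```shell
#!/bin/sh
# Added example: emit UFW rules that open Splunk Web (8000/tcp) only to named
# admin networks and keep SSH reachable before the firewall is switched on.
# Assumes ufw's default "deny incoming" policy and the OpenSSH app profile.

SPLUNK_WEB_PORT=8000   # port from the tutorial's URL

# Return 0 for a dotted-quad IPv4 address with an optional /1-32 prefix.
# A /0 source is refused: it would be the same as the unrestricted rule.
valid_cidr() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one ufw command per line; print nothing if any source is malformed,
# so a typo cannot produce a half-applied rule set.
splunk_ufw_rules() {
    [ $# -gt 0 ] || { echo "need at least one admin network" >&2; return 2; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "invalid source: $net" >&2; return 1; }
    done
    echo "ufw allow OpenSSH"    # first, so enabling ufw over SSH keeps the session
    for net in "$@"; do
        echo "ufw allow from $net to any port $SPLUNK_WEB_PORT proto tcp"
    done
    echo "ufw enable"
}

# Constructed sample sources (RFC 5737 documentation ranges); replace with your own.
splunk_ufw_rules 198.51.100.0/24 203.0.113.10
```

Review the printed commands, then run each one with sudo.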

Step 4. Accessing Splunk Web Interface.

Once successfully installed, open your web browser and access the Splunk installation wizard using the URL https://your-IP-address:8000. You will be redirected to the following page:

Congratulations! You have successfully installed Splunk. Thanks for using this tutorial for installing Splunk on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Splunk website.
