Splunk 7.x Quick Start Guide
Installing Splunk on Linux
You can get Splunk Enterprise for Linux on the Splunk website, starting at this URL: https://www.splunk.com/en_us/download/splunk-enterprise.html.
Create a free account with Splunk from this page, or log in if you already have one. On the Choose Your Download page, click the tab for the operating system (Linux, in this case), and select one of the packaging options—.deb, .tgz, or .rpm. We will choose an .rpm for this example, as the OS is Red Hat Enterprise Linux (RHEL) Server release 7.5 (obtained by typing cat /etc/redhat-release in a Terminal).
Clicking the Download button next to .rpm will start a download process, but it also reveals a link you can click to download the rpm using the command line (wget) – we'll use this option. Clicking the link opens a message box where you can copy the wget command, shown here (the exact filename of the rpm will vary, depending on the version of Splunk you're downloading):
wget -O splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.1&product=splunk&filename=splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm&wget=true'
Logged in as root in a Terminal on your Linux server, from any directory (I used /root), paste the preceding command and press Enter. If you get the error message command not found, you'll need to install wget by typing yum install wget -y.
After verifying that the rpm downloaded successfully, install it:
rpm -i splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm
The rpm will install Splunk in the /opt/splunk directory, and all files should have splunk as the owner and group. That's it!
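One way to carry out the "verify the download" step before rpm -i, as an added example that is not from the book. Because wget -O creates the output file even when the request fails, it rejects an empty file, compares a SHA-256 value, and runs rpm -K before installing. The function names are hypothetical, and the expected checksum is an assumption: it must come from a trusted source, since this page does not give one.

```shell
# Added example: gate "rpm -i" on integrity checks of the downloaded package.

# verify_sha256 FILE EXPECTED_HEX
# 0 = match, 1 = mismatch, 2 = file missing or empty, 3 = malformed expected value.
verify_sha256() {
    local file expected actual
    file=$1
    expected=$2
    # wget -O leaves an empty file behind when the download fails.
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    # Accept a checksum pasted in upper case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex digits" >&2; return 3; }
    actual=$(sha256sum -- "$file")
    actual=${actual%% *}          # keep only the digest column
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $file" >&2; return 1; }
}

# verify_rpm_signature FILE
# rpm -K (--checksig) checks the package digests and any signature it carries.
# Import the vendor's public key with "rpm --import" first; the key's location
# is not given on this page.
verify_rpm_signature() {
    rpm -K "$1"
}

# install_verified FILE EXPECTED_HEX
# Installs only if both checks pass.
install_verified() {
    verify_sha256 "$1" "$2" && verify_rpm_signature "$1" && rpm -i "$1"
}

# Usage (placeholder checksum, replace with the value from a trusted source):
#   install_verified splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm "<sha256-from-vendor>"
```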