Installing Splunk on Linux
Create a Splunk account and follow the links to the download. Then look for the link to fetch via wget. It's kind of hard to spot but eventually I found it. Optionally you can download to your laptop and scp to your server, etc.
On your server
root@host:# cd /tmp
root@host:/tmp# sudo wget -O splunk-6.6.1-aeae3fe0c5af-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.1&product=splunk&filename=splunk-6.6.1-aeae3fe0c5af-linux-2.6-amd64.deb&wget=true'
root@host:/tmp# sudo dpkg -i splunk-6.6.1-aeae3fe0c5af-linux-2.6-amd64.deb
Once the install is complete, check the status:
root@host:/tmp# dpkg --status splunk
Package: splunk
Status: install ok installed
Maintainer: Splunk Inc. <info@splunk.com>
Architecture: amd64
Version: 6.6.1
Description: Splunk The platform for machine data.
Let's start Splunk!
root@host:/tmp# /opt/splunk/bin/splunk start --accept-license
Accept the EULA, then configure Splunk to start at boot time:
root@host:/tmp# /opt/splunk/bin/splunk enable boot-start
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
Your server should be ready on http://hostname:8000
First login:
User: Admin
Password: changeme
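The same steps wrapped in a small POSIX sh helper, as an added example that is not from the original post. It adds the one check worth having before handing a downloaded package to dpkg: comparing the .deb against the checksum Splunk publishes with the download. The package name and wget URL are the ones above; SPLUNK_SHA256 is a placeholder you replace with the value copied from the download page, and the `install` argument guard is my convention so the functions can be sourced and exercised without touching the system.

```shell
#!/bin/sh
# Added example (not the original post's commands verbatim): install helper
# for the Splunk .deb that verifies the package checksum first.
set -eu

PKG="splunk-6.6.1-aeae3fe0c5af-linux-2.6-amd64.deb"
PKG_URL="https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.1&product=splunk&filename=${PKG}&wget=true"
# Placeholder: copy the SHA-256 published on the download page into this variable.
SPLUNK_SHA256="${SPLUNK_SHA256:-REPLACE_WITH_CHECKSUM_FROM_DOWNLOAD_PAGE}"

# Compare a file's SHA-256 with the expected value; exit status 0 on match.
verify_checksum() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Read `dpkg --status` output on stdin; succeed only when the package is
# fully installed (the "install ok installed" line shown above).
dpkg_installed() {
    grep -q '^Status: install ok installed$'
}

# Read `dpkg --status` output on stdin and print the Version field.
dpkg_version() {
    sed -n 's/^Version: //p'
}

# The full procedure from the post: download, verify, install, check,
# start with the license accepted, enable boot-start.
install_splunk() {
    cd /tmp
    wget -O "$PKG" "$PKG_URL"
    if ! verify_checksum "$PKG" "$SPLUNK_SHA256"; then
        echo "checksum mismatch for $PKG, refusing to install" >&2
        return 1
    fi
    dpkg -i "$PKG"
    # Abort (set -e) if dpkg does not report the package as installed.
    dpkg --status splunk | dpkg_installed
    echo "installed splunk $(dpkg --status splunk | dpkg_version)"
    /opt/splunk/bin/splunk start --accept-license
    /opt/splunk/bin/splunk enable boot-start
    echo "Splunk should now be listening on http://$(hostname):8000"
}

# Only perform the installation when explicitly asked (./install.sh install),
# so the helper functions can be sourced and tested on their own.
if [ "${1:-}" = "install" ]; then
    install_splunk
fi
```

Run it as root with the `install` argument once SPLUNK_SHA256 is filled in; with any other argument it only defines the functions, which is how the checksum and status parsers can be tried against sample input.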
That's it!
Next we will hook up to our Windows 2008 R2 with Sysmon logging.
-SmUrF3R5