Splunk on Kali Linux

How to install and configure splunk on Kali Linux

Introduction about splunk

Splunk supports all major OS versions, has very straightforward installation steps, and can run in less than 10 minutes on any platform. This task will only focus on installing Splunk Enterprise on the Linux host. Typically, we would create an account on splunk.com and go to this Splunk Enterprise download link to select the installation package for the latest version. As of the time of writing, 9.2.0.1 is the newest version available on its website.

Steps of installation

Now I will walk you through the installation steps in detail.

Go to splunk.com and then on the dashboard click on the products dropdown.

In the products dropdown, you will see the option of free trials and downloads click on that.

After that, you will see a page to download splunk enterprise. Click on Get my free trial, you will be redirected to make a new account.

After signing up, go back to the process where you left off and click on Get my free trial for Splunk Enterprise, you will be redirected to a page like the picture shown below.

Click on download now and cancel it when the .deb file starts downloading we will be installing it with Kali’s CLI (Command-Line Interface).

Click on download via Command Line(wget).

wget is a command-line utility for downloading files from the web.

Open your terminal as a root user and paste the command.

The command dpkg -iis used in Debian-based Linux distributions to install a package from a .deb file.

After downloading and installing the splunk packages, now by using the command cd (change directory) go to the path cd /opt/splunk/bin .

So we are going to run the splunk file. Now just type cd to go to the root directory and type the command cd /opt/splunk/bin/splunk enable boot-start.After you do that you will be redirected to accept the terms and conditions so scroll down and type y to accept the terms and conditions(of course after reading it).

So after that, you will be redirected to set your username and password for Splunk. Remember this because you would use this to log in to your splunk when you are running it in your local host(127.0.0.1).

Now start the splunk service.

Splunk runs on port number 8000, so go to your browser and type 127.0.0.1:8000 and you will be redirected to the splunk console to log in with your username and password which we set after accepting the terms and conditions.

After entering your credentials you will be redirected to the splunk interface.

Happy Splunking !!!