Splunk is a software platform to help you getting insights about your business from the data gathered from your IT infrastructure. It helps capture, index and correlate real-time data in a searchable repository, from which it can generate graphs, reports, alerts, dashboards and visualizations.
Splunk uses machine data for identifying data patterns, providing metrics, diagnosing problems and providing intelligence for business operations. It reads most of the output format from virtual machines, network devices, firewall, Unix-based and Windows based devices.
In this article, we will show you how to install Splunk on Ubuntu. The guide is applicable to older versions of Ubuntu and many as well as Linux distros based on Ubuntu, such as Linux Mint or Pop! OS.
- Indexing: Splunk categorizes data: syntactically analyzes each input source/type and adds a dictionary of keywords so that the data can be searched.
- Data model: Splunk provides the ability to create hierarchies of one or more indexed data fields.
- Representation (Pivot): Splunk provides a Pivot Editor feature that helps users to represent data models in the form of tables, charts, and visual graphs. Pivots can be saved as reports or saved to pivot tables.
- Search (Search) : search in all indexed databases. The returned results are rows of data that match the search criteria. All alerts, reports, and charts are based on search results. Splunk uses a separate set of syntax for searching, the Splunk Search Processing Language (SPL).
- Alerts: Issue alerts, based on real-time or historical search results, in the form of mail and/or run automated scripts to initially troubleshoot. Alerts can be generated directly from a search result or a statistic.
- Report : Reports are saved searches and graphs. Reports can be generated instantaneously, periodically or over a period of time. Reports can also be set to output alerts and can be included in dashboards.
- Dashboard: Create a summary of statistics, charts, and warnings. Dashboard helps to focus on tracking the same object, which is a data type or a collection of multiple data types.
Splunk is divided into server (Splunk) and client (Splunkforwarder). Splunk's servers are indexers and sinks. The client is the forwarder of the data. As the name implies, data can be forwarded from the client to the server for indexing. Splunk can run on both 32-bit and 64-bit system.
Update the system
Before installing any new package or application, it is recommended that you update your system, GNOME Deksktop is no exception. To do this, run the commands below which invoke
apt package manager to fetch a fresh package list from Ubuntu repository.
sudo apt update
Install Splunk in Ubuntu
In order to install Splunk in Ubuntu, you have to grab its DEB installer first.
Head on over to Splunk official website and click on the Free Splunk button on the top right corner of your screen. After that, you have to create an account in order to download the installer. Make sure you select Software Download instead of Cloud Trial.
In the next step, choose Linux as your platform and download the DEB file. This DEB file installs Splunk Free - a completely free of charge, slimmed-down, limited product which only allows 500MB indexing per day. After 60 days you can convert to a perpetual free license or purchase a Splunk Enterprise license to continue using the expanded functionality designed for enterprise-scale deployments.
Suppose that the DEB installer is downloaded into
/home/nl directory, run the following command to install the DEB.
Code language: CSS (css)
sudo dpkg -i splunk-8.2.5-77015bc7a462-linux-2.6-amd64.deb
Once the process completes, you can start Splunk at boot by running the following command
sudo /opt/splunk/bin/splunk enable boot-start
At the first run, you'll be shown the Splunk Software License Agreement. In order to accept it, scroll until the end using S key and enter y. You will also need to create an administrator account by specifying an username and password.
Once complete installation, start Splunk service by running the following command:
sudo systemctl start splunk
Splunk will run at port 8000. In order to access its interface, open up a web browser of your choice and go to
We hope that the information above helped you successfully install Splunk on your Ubuntu system. You may be interested in our other Linux software roundups, including 8 Best Open Source CMDB software, Best Linux Video Converters or Best Python Graphics Libraries. If you have any suggestion, please feel free to leave a comment below.