Splunk® Enterprise

Admin Manual

About the Splunk Enterprise AMI

Splunk Enterprise is available as an Amazon Machine Image on the Amazon Web Services Marketplace.

What is the Splunk Enterprise AMI?

The Splunk Enterprise AMI is an Amazon Machine Image consisting of Splunk Enterprise running on Amazon Linux.

It comes with an Enterprise Trial license.

Get the Splunk Enterprise AMI with 1-click

  • From the AWS Marketplace, select Splunk Enterprise AMI.
  • From the overview page, click Continue.
  • On the Launch on EC2 page:
    • Choose an EC2 instance type. Make sure you pick an instance type large enough to handle what you want Splunk to do for you. The default is C3.L. See "Introduction to capacity planning for Splunk Enterprise" in the Capacity Planning Manual for more information.
    • Click "Launch with 1-click".
  • In your security group, note which ports are open: TCP (554), UDP, 8089 (management), 8000 (splunkweb), 9997 (forwarder), 22 (SSH), 443 (SSL/HTTPS). For ways to secure Splunk Enterprise and for hardening standards, see the Securing Splunk Manual.
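
To review which of the ports listed above a security group exposes to any address, the following added example (not part of the Splunk documentation) parses JSON in the shape returned by `aws ec2 describe-security-groups`. The function name, the sample document and the group ID sg-EXAMPLE are constructed for illustration.

```python
import json

# Port numbers this page lists for the Splunk Enterprise AMI security group.
SPLUNK_PORTS = {554: "TCP 554", 8089: "management", 8000: "splunkweb",
                9997: "forwarder", 22: "SSH", 443: "SSL/https"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def world_open_splunk_ports(describe_output):
    """Return sorted (group_id, port, label, protocol) tuples for listed
    ports that an inbound rule opens to any IPv4 or IPv6 address."""
    findings = set()
    for group in describe_output.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
            cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & ANYWHERE:
                continue                  # rule is limited to specific ranges
            proto = perm.get("IpProtocol")
            if proto == "-1":             # all protocols, all ports
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue                  # ICMP and similar carry no port range
            for port, label in SPLUNK_PORTS.items():
                if lo <= port <= hi:      # a range rule can cover a listed port
                    findings.add((group["GroupId"], port, label, proto))
    return sorted(findings)

# Constructed sample, not output captured from a real account.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 8089, "ToPort": 8089,
   "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9999,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")

if __name__ == "__main__":
    for gid, port, label, proto in world_open_splunk_ports(SAMPLE):
        print(f"{gid}: {proto}/{port} ({label}) is open to any address")
```

In the sample, the management port is limited to 10.0.0.0/8 and is not reported, while the 9000-9999 range rule is reported because it covers the forwarder port.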

Start using the Splunk Enterprise AMI

Already started a copy of the Splunk Enterprise AMI on the AWS Marketplace? Then you have an instance of Splunk Enterprise running as the Splunk user. It will start when the machine starts.

Find Splunk Web

  • In your EC2 Management Console, find your instance running Splunk Enterprise. Note its instance ID and public IP.
  • Paste the public IP into a new browser tab (do not hit enter yet).
  • Append :8000 to the end of the IP address.
  • Hit enter.
  • Log into Splunk Enterprise with the credentials:
    • username: admin
    • password: <instance id from management console>
  • On the next screen, set a new password.

Next tasks

Upgrade

Upgrade Splunk Enterprise version

See "How to upgrade Splunk" in the Installation Manual. Be sure to run a backup before you begin the upgrade.

Upgrade your AWS storage capacity

See the AWS documentation about Amazon EBS.

Upgrade your AWS compute capacity

See the AWS documentation about Amazon EC2.

Get help

To buy a Splunk Enterprise license and Enterprise Support, contact sales@splunk.com.

To file a Splunk Support ticket (as Community Support), sign up on splunk.com. Other community resources for help include Answers, IRC #splunk on efnet, and the Splunk Enterprise documentation.

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 7.0.0, 7.0.1


Comments

@Eddiet, interesting question! The Splunk doc team does not have easy access to Chef/Puppet or deployed AMIs to help look for answers. You might try posting this question on Splunk Answers so the broader user community can provide input.

Andrewb splunk, Splunker
April 4, 2017

Trying to use Chef or Puppet to change the default password (instance ID) to a new one, but even using the splunk edit admin command, it still prompts to change the admin password first before using the splunk edit admin command.
Any ideas?

Eddiet
April 2, 2017
