About the Splunk Enterprise AMI
Splunk Enterprise is available as an Amazon Machine Image on the Amazon Web Services Marketplace.
What is the Splunk Enterprise AMI?
The Splunk Enterprise AMI is an Amazon Machine Image consisting of Splunk Enterprise running on Amazon Linux.
It comes with an Enterprise Trial license.
Get the Splunk Enterprise AMI with 1-click
- From the AWS Marketplace, select Splunk Enterprise AMI.
- From the overview page, click continue.
- On the Launch on EC2 page:
- Choose an EC2 instance type. Make sure you pick an instance type large enough to handle what you want Splunk to do for you. The default is C3.L. See "Introduction to capacity planning for Splunk Enterprise" in the Capacity Planning Manual for more information.
- Click "Launch with 1-click"
- In your security group, note the ports that are open. TCP (554), UDP, 8089 (management), 8000 (splunkweb), 9997 (fwder), 22 (SSH), 443 (SSL/https). Read more about ways to secure Splunk Enterprise and hardening standards in the Securing Splunk Manual.
Start using the Splunk Enterprise AMI
Already started a copy of the Splunk Enterprise AMI on the AWS Marketplace? Then you have an instance of Splunk Enterprise running as the Splunk user. It will start when the machine starts.
Find Splunk Web
- In your EC2 Management Console, find your instance running Splunk Enterprise. Note its instance ID and public IP.
- Paste the public IP into a new browser tab (do not hit enter yet).
- Append :8000 to the end of the IP address.
- Hit enter.
- Log into Splunk Enterprise with the credentials:
- username: admin
- password: <instance id from management console>
- On the next screen, set a new password.
- Follow the Search Tutorial, which steps you through uploading a file, running basic searches, and generating reports.
- Learn about data models with the Data Model and Pivot Tutorial.
- See "Splunk administration: the big picture" for an overview of tasks in Splunk Enterprise and where you can find more information about them.
Upgrade Splunk Enterprise version
See "How to upgrade Splunk" in the Installation Manual. Be sure to run a backup before you begin the upgrade.
Upgrade your AWS storage capacity
See the AWS documentation about Amazon EBS.
Upgrade your AWS compute capacity
See the AWS documentation about Amazon EC2.
Use Splunk Web with a reverse proxy configuration
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 7.0.0