What you need for this tutorial
To start this tutorial, you need access to a Splunk deployment version 6.0 or higher, either Splunk Cloud or Splunk Enterprise.
- Note: If you already have access to a Splunk deployment, skip this chapter and start with Part 1: Load the tutorial data.
If you intend to download, install, and start Splunk Enterprise, this topic contains system requirements and tells you what you need to know about Splunk licenses.
You can use Splunk Enterprise on Linux, Windows, and Mac OS. For this tutorial, your computer must meet the specifications listed in the following table.
Requirement Minimum supported hardware capacity Non-Windows platforms 1x1.4GHz CPU, 1GB RAM Windows platforms Pentium 4 or equivalent at 2GHz, 2GB RAM Web browser The latest versions of Chrome, Firefox, and Safari browsers are supported with Splunk Enterprise 6.0 and later
This is a snapshot of the Splunk Enterprise system requirements. See the System Requirements topic in the Installation manual.
Create a Splunk.com account
You need a Splunk.com account to download the free trial Splunk software. If you do not already have a Splunk.com account, you need to create an account. If you already have an account, you need to log in to that account.
- Go to http://www.splunk.com/.
- Create an account, or log in to an existing account.
- To create an account, click My Account > Sign Up. Enter the registration information.
- To log in to an existing account, click My Account > Login.
Download the latest version of Splunk Enterprise
If it has been a while since you downloaded the Splunk Trial software, download the trial software again. It is possible that the Trial license converted to a Free license. The Free license has some limitations that will not allow you to complete all parts of this tutorial. See Splunk trial licenses for more information.
- Identify the installer that you want use with the tutorial.
Operating system For this tutorial Available installers Linux Use any of the installers. 3 installers. An RPM download for RedHat, a DEB package for Debian Linux, and a TAR file installer. Mac OSX Use the DMG packaged graphical installer. 2 installers. A DMG package and a TAR file installer. Windows Use the MSI file graphical installer. 2 installers. An MSI file and a compressed ZIP file.
- Download the free trial version of the installer for Splunk Enterprise.
- Accept the license agreement and click Start Your Download Now.
Splunk trial licenses
- When you download Splunk Enterprise for the first time, you get an Enterprise Trial license for 60 days. This Enterprise Trial license includes all of the features, but limits the amount of data that you can index each day. The daily limit is 500MB.
- After 60 days, the Enterprise Trial license converts to a Free license and some of the features, such as authentication and alerting, are disabled. The Free license also includes the 500MB each day of indexing volume, but has no expiration date.
Installing and starting Splunk Enterprise
For instructions on installing, and starting the software, see the following topics in the Search Tutorial.
- Install Splunk Enterprise on Linux, Windows, or Mac OS X
- Start Splunk Enterprise and launch Splunk Web
The next topic describes how to navigate the views in Splunk Web.
About the Data Model and Pivot Tutorial
Navigating Splunk Web
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13