Splunk® Enterprise

Data Model and Pivot Tutorial

Acrobat logo Download manual as PDF

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. Click here for the latest version.
Acrobat logo Download topic as PDF

What you need for this tutorial

To start this tutorial, you need access to a Splunk deployment version 6.0 or higher, either Splunk Cloud or Splunk Enterprise.

Note: If you already have access to a Splunk deployment, skip this chapter and start with Part 1: Load the tutorial data.

If you intend to download, install, and start Splunk Enterprise, this topic contains system requirements and tells you what you need to know about Splunk licenses.

System requirements

You can use Splunk Enterprise on Linux, Windows, and Mac OS. For this tutorial, your computer must meet the specifications listed in the following table.

Requirement Minimum supported hardware capacity
Non-Windows platforms 1x1.4GHz CPU, 1GB RAM
Windows platforms Pentium 4 or equivalent at 2GHz, 2GB RAM
Web browser The latest versions of Chrome, Firefox, and Safari browsers are supported with Splunk Enterprise 6.0 and later

This is a snapshot of the Splunk Enterprise system requirements. See the System Requirements topic in the Installation manual.

Create a Splunk.com account

You need a Splunk.com account to download the free trial Splunk software. If you do not already have a Splunk.com account, you need to create an account. If you already have an account, you need to log in to that account.

  1. Go to http://www.splunk.com/.
  2. Create an account, or log in to an existing account.
  • To create an account, click My Account > Sign Up. Enter the registration information.
  • To log in to an existing account, click My Account > Login.

Download the latest version of Splunk Enterprise

If it has been a while since you downloaded the Splunk Trial software, download the trial software again. It is possible that the Trial license converted to a Free license. The Free license has some limitations that will not allow you to complete all parts of this tutorial. See Splunk trial licenses for more information.

  1. Identify the installer that you want use with the tutorial.
  2. Operating system For this tutorial Available installers
    Linux Use any of the installers. 3 installers. An RPM download for RedHat, a DEB package for Debian Linux, and a TAR file installer.
    Mac OSX Use the DMG packaged graphical installer. 2 installers. A DMG package and a TAR file installer.
    Windows Use the MSI file graphical installer. 2 installers. An MSI file and a compressed ZIP file.
  3. Download the free trial version of the installer for Splunk Enterprise.
  4. Accept the license agreement and click Start Your Download Now.

Splunk trial licenses

When you download Splunk Enterprise for the first time, you get an Enterprise Trial license for 60 days. This Enterprise Trial license includes all of the features, but limits the amount of data that you can index each day. The daily limit is 500MB.
After 60 days, the Enterprise Trial license converts to a Free license and some of the features, such as authentication and alerting, are disabled. The Free license also includes the 500MB each day of indexing volume, but has no expiration date.

Installing and starting Splunk Enterprise

For instructions on installing, and starting the software, see the following topics in the Search Tutorial.

Next steps

The next topic describes how to navigate the views in Splunk Web.

Last modified on 16 February, 2018
About the Data Model and Pivot Tutorial
Navigating Splunk Web

This documentation applies to the following versions of Splunk® Enterprise: 6.5.7, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters