About the Splunk Enterprise AMI
Splunk Enterprise is available as an Amazon Machine Image on the Amazon Web Services Marketplace.
What is the Splunk Enterprise AMI?
The Splunk Enterprise AMI is an Amazon Machine Image consisting of Splunk Enterprise running on Amazon Linux.
It comes with an Enterprise Trial license.
Get the Splunk Enterprise AMI with 1-click
- From the AWS Marketplace, select Splunk Enterprise AMI.
- From the overview page, click continue.
- On the Launch on EC2 page:
- Choose an EC2 instance type. Make sure you pick an instance type large enough to handle what you want Splunk to do for you. The default is C3.L. See Introduction to capacity planning for Splunk Enterprise in the Capacity Planning Manual for more information.
- Click "Launch with 1-click"
- In your security group, note the ports that are open. TCP (554), UDP, 8089 (management), 8000 (splunkweb), 9997 (fwder), 22 (SSH), 443 (SSL/https). Read more about About securing Splunk software and How to secure and harden your Splunk software installation in Securing Splunk Enterprise.
Start using the Splunk Enterprise AMI
Already started a copy of the Splunk Enterprise AMI on the AWS Marketplace? Then you have an instance of Splunk Enterprise running as the Splunk user. It will start when the machine starts.
Find Splunk Web
- In your EC2 Management Console, find your instance running Splunk Enterprise. Note its instance ID and public IP.
- Paste the public IP into a new browser tab (do not hit enter yet).
- Append :8000 to the end of the IP address.
- Hit enter.
- For Splunk version 7.2.5 and above, log into Splunk Enterprise with the credentials:
- It is recommended that you change your password after login.
- For Splunk version below 7.2.5, log into Splunk Enterprise with the credentials:
- On the next screen, set a new password.
- Follow the Search Tutorial, which steps you through uploading a file, running basic searches, and generating reports.
- Learn about knowledge objects in the Knowledge Manager Manual.
- See Splunk administration: the big picture in the Admin Manual for an overview of tasks in Splunk Enterprise and where you can find more information about them.
Upgrade Splunk Enterprise version
See "How to upgrade Splunk" in the Installation Manual. Be sure to run a backup before you begin the upgrade.
Upgrade your AWS storage capacity
See the AWS documentation about Amazon EBS.
Upgrade your AWS compute capacity
See the AWS documentation about Amazon EC2.
Use Splunk Web with a reverse proxy configuration
This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4