Splunk® Enterprise

Search Tutorial


What you need for this tutorial

You need to create a Splunk.com account, access the free trial Splunk software, and download the tutorial data files. There might be other prerequisites, depending on which Splunk platform you use.

Create a Splunk.com account

You need a Splunk.com account to download the free trial Splunk software. If you do not already have a Splunk.com account, you need to create an account. If you already have an account, you need to log in to that account.

  1. In a separate browser window, go to http://www.splunk.com/.
    • Use CTRL+click on the download link to open the link in a new browser tab.
    • By using a separate browser window, you keep this window with the Search Tutorial instructions open. You can switch back and forth between the browser tabs.
  2. In the upper right corner of the window, click the Splunk Account icon (an icon of a person).
    • To create an account, click Sign Up and complete the registration information.
    • To log in to an existing account, click Login.

Choose a platform

You can use this tutorial with a trial version of Splunk Cloud or Splunk Enterprise. The main difference in the trial versions is the length of the license.

Splunk Cloud
When you start a Splunk Cloud trial, you have access to Splunk Cloud for 15 days. The trial license includes all of the features in Splunk Cloud, and access to select premium applications and add-ons. You can index up to 5GB of data each day.
After 15 days, the access to your Splunk Cloud trial expires.
Splunk Enterprise
When you download Splunk Enterprise for the first time, you get a Splunk Enterprise Trial license for 60 days. This trial license includes all of the features in Splunk Enterprise, and access to all premium applications and add-ons. You can index up to 500MB of data each day.
After 60 days, the Enterprise Trial license converts to a perpetual Free license and some of the features, such as user preferences, authentication, and alerting, are disabled. The Free license also includes the 500MB daily indexing volume, but there is no expiration date. See About Splunk Free in the Admin manual.

System requirements

Ensure that your computer meets the system requirements for your platform.

Splunk Cloud

You must have a web browser. The latest versions of Chrome, Firefox, and Safari browsers are supported with Splunk Cloud.

Splunk Enterprise

You can use Splunk Enterprise on Linux, Windows, and Mac OS. For this tutorial, your computer must meet the specifications listed in the following table.

| Requirement | Minimum supported hardware capacity |
| --- | --- |
| Non-Windows platforms | 2-core 64-bit CPU at 2GHz or greater, 4GB RAM |
| Windows platforms | 2-core 64-bit CPU at 2GHz or greater, 4GB RAM |
| Web browser | The latest versions of Chrome, Firefox, and Safari browsers are supported with Splunk Enterprise 6.0 and later |

Download the tutorial data files

This tutorial uses a fictitious game store, called Buttercup Games, that sells games and related items in an online store.

You must download several data files to use with the tutorial. The data files contain web access log files, secure formatted log files, sales log files, and a price list in a CSV file.

If you use the Safari browser, under Preferences > General, ensure that the Open “safe” files after downloading option is unchecked. The tutorialdata.zip file must remain compressed for the upload to succeed.

  1. Download the tutorialdata.zip file. Do not uncompress the file.
  2. Download the Prices.csv.zip file. Do not uncompress the file at this time.

Access the trial version of the Splunk software

For this tutorial, use the latest version of the software.

Splunk Cloud

For this tutorial, set up a trial version of Splunk Cloud.

  1. In a separate browser window, set up a free trial version of Splunk Cloud.
    • Use CTRL+click on the download link to open the link in a new browser tab.
    • By using a separate browser window, you keep this window with the Search Tutorial instructions open. You can switch back and forth between the browser tabs.
  2. Follow the prompts on the website.
  3. When the trial version is created, click View My Instance.
  4. On the Terms of Service page, check the box to confirm your agreement and click OK.
    • Your trial version of Splunk Cloud opens in a browser window.
    • Additionally, an email is sent to you with information about your Splunk Cloud instance. For example, if you close the browser window, the email explains how to access your Splunk Cloud instance again.
  5. See Next step.

Splunk Enterprise

If you downloaded the Splunk Enterprise trial software previously, download the trial software again. It is possible that your Splunk Enterprise trial license converted to a free license. The free license has some limitations that will not allow you to complete all parts of this tutorial.

  1. Identify the installer that you want to use with the tutorial.

    | Operating system | For this tutorial | Available installers |
    | --- | --- | --- |
    | Linux | Use any of the installers. | 3 installers. An RPM download for RedHat, a DEB package for Debian Linux, and a TAR file installer. |
    | Mac OSX | Use the DMG packaged graphical installer. | 2 installers. A DMG package and a TAR file installer. |
    | Windows | Use the MSI file graphical installer that is appropriate for your computer. | 2 installers. An MSI file for 64-bit and an MSI file for 32-bit. |

  2. In a separate browser window, download the free trial version of the installer for Splunk Enterprise.
    • Use CTRL+click on the download link to open the link in a new browser tab.
    • By using a separate browser window, you keep this window with the Search Tutorial instructions open. You can switch back and forth between the browser tabs.
  3. See Next step.

Next step

The next step depends on the Splunk platform that you are using.

Splunk Cloud

If you see a window welcoming you to the Splunk Free Cloud Trial and inviting you to Drop your data file here, close that window. You will upload the tutorial data in Part 2. For now, go to Navigating Splunk Web.

Splunk Enterprise

You must install Splunk Enterprise.

See also

System Requirements in the Installation Manual
Types of Splunk licenses in the Admin Manual


This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.2.0, 7.2.1, 7.2.2, 7.2.3

