Splunk® Enterprise

Installation Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Installation overview

Installing Splunk Enterprise on a host is the first step in realizing value from your data. Read this topic and the contents of this chapter before you begin an installation.

There are two ways you can install Splunk Enterprise:

  • Download and install a Splunk Enterprise installation package
  • Download the Splunk Enterprise Docker image and run Splunk Enterprise inside a Docker container

Containerized Splunk Enterprise provides a simplified and consistent way for you to quickly get started with Splunk Enterprise and gain hands-on experience with the software. While Splunk Enterprise Docker containers are portable across different environments and allow for complex and scalable deployments, in this release, Splunk only supports the standalone and single-server Splunk topology for container-based deployments. For information about Docker, see the Docker documentation.

Install Splunk Enterprise by using an installation package

  1. See the system requirements for installation. Additional requirements for installation might apply based on the operating system on which you install Splunk Enterprise and how you use Splunk Enterprise.
  2. (Optional) See Components of a Splunk Enterprise deployment to learn about the Splunk Enterprise ecosystem, and Splunk architecture and processes to learn what the installer puts on your machine.
  3. See Secure your Splunk Enterprise installation and, where appropriate, secure the machine on which you will install Splunk Enterprise.
  4. Download the installation package for your system from the Splunk Enterprise download page.
  5. (Optional) Migrate your KV store storage engine from the Memory Mapped (MMAP) storage engine to the WiredTiger storage engine to significantly reduce the amount of storage you need and to improve performance. See Migrate the KV store storage engine in the Admin manual to plan your migration.
  6. Perform the installation by using the installation instructions for your operating system. See Installation instructions.
  7. (Optional) If this is the first time you have installed Splunk Enterprise, see the Search Tutorial to learn how to index data into Splunk software and search that data using the Splunk Enterprise search language.
  8. (Optional) After you install Splunk Enterprise, calculate the amount of space your data takes up. See Estimate your storage requirements in the Capacity Planning Manual.
  9. To run Splunk Enterprise in a production environment and to understand how much hardware such an environment requires, see the Capacity Planning Manual.

Deploy and run Splunk Enterprise inside Docker containers

  1. Confirm that your system meets the following requirements for container-based installation:
    1. See the Containerized computing platforms section in Supported Operating Systems for supported operating systems.
    2. Confirm that your system meets or exceeds the recommended hardware requirements. See Recommended hardware.
    3. Confirm that any disk volumes that you use to store Splunk Enterprise data inside a Docker container use one of the supported file systems. See Supported file systems.
  2. See Secure your Splunk Enterprise installation and, where appropriate, secure the machine on which you want to install Splunk Enterprise.
  3. Download and install Docker Enterprise or Community Edition Engine 17.06.2 or higher for your operating system.
  4. Perform the installation. See Deploy and run Splunk Enterprise Docker containers for step-by-step installation instructions.
  5. (Optional) Estimate the amount of space your Splunk Enterprise data will take up. See Estimate your storage requirements in the Capacity Planning Manual.
  6. Create and mount volumes to the containers for storing data that Splunk Enterprise uses and generates, such as indexed data and configuration files.
    For instructions on configuring storage for data persistence, see Data Storage on Splunk Github.
  7. To run Splunk Enterprise in a production environment and to understand how much hardware such an environment requires, see the Capacity Planning Manual.

Upgrade or migrate a Splunk Enterprise instance

In many cases, you can upgrade Splunk Enterprise over an existing version.

Last modified on 17 September, 2020
PREVIOUS
What's in this manual
  NEXT
System requirements for use of Splunk Enterprise on-premises

This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters