Splunk® Light

Installation Manual

Download manual as PDF

Download topic as PDF

Install Splunk Light using Linux

The topic includes instructions for installing Splunk Light on Linux using the RPM package, the DEB package, or the .tgz file.

You can download Splunk Light from Splunk.com.

Before you install

Do not install Splunk Light on a system that currently has Splunk Enterprise installed.

Create the splunk user

When you run the installation as root and use the RPM package or the DEB package, Splunk Light creates the splunk user.

Check user permissions

After you create the Splunk user, make sure that it has permissions to read and execute the installer file.

Decide where to install Splunk

The RPM and DEB packages install Splunk Light into /opt/splunk by default. You can specify another directory for the RPM install.

The .tgz file installs into the current working directory. If you want to install it into another directory, move the file there before you install.

Install Splunk Light using the RPM package

To follow these installation instructions, replace splunk_package_name.rpm with the name of the installer package you downloaded.

1. Run the rpm command.

Use the folllowing to install Splunk Light into the default directory.

 rpm -i splunk_package_name.rpm

Use --prefix to select another installation directory.

 rpm -i --prefix=/opt/new_directory splunk_package_name.rpm

2. Start Splunk Light.

 splunk start --accept-license

3. (Optional) To boot-start Splunk Light, add the following to /etc/init.d.

./splunk start --accept-license
./splunk enable boot-start

4. Create your admin credentials.

This appears to be your first time running this version of Splunk.

An Admin password must be set before installation proceeds.
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password:

If you are installing using --no-prompt in the command line, then you are not prompted to create the administrator password. If you do not create a password, upon login you will see a message that there is no user and you will not be able to log into Splunk Enterprise.


To create credentials, edit $SPLUNK_HOME/etc/system/local/user-seed.conf, then restart Splunk:

[user_info]
USERNAME = admin
PASSWORD = <your password>

For more information about options for creating a password, including password management for automated installations, see Create admin passwords for your Splunk Installation.

Install Splunk Light using the DEB package

To follow these installation instructions, replace splunk_package_name.deb with the name of the installer package you downloaded.

1. Run the dpkg command to install Splunk Light into the default directory.

 dpkg -i splunk_package_name.deb

You cannot install the DEB package into another directory.

2. Start Splunk Light.

 splunk start --accept-license

3. Create your admin credentials.

This appears to be your first time running this version of Splunk.

An Admin password must be set before installation proceeds.
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password:

If you are installing using --no-prompt in the command line, then you are not prompted to create the administrator password. If you do not create a password, upon login Splunk displays a message that there is no user and you are unable to log into Splunk Enterprise.

To create credentials, edit $SPLUNK_HOME/etc/system/local/user-seed.conf, then restart Splunk Enterprise:

[user_info]
USERNAME = admin
PASSWORD = <your password>

For more information about options for creating a password, including password management for automated installations, see Create admin passwords for your Splunk Installation.

Install Splunk Light using the .tgz file

To follow these installation instructions, replace splunk_package_name.tgz with the name of the installer package you downloaded.

1. Move the .tgz file to the directory you want to install Splunk Light.

For example, to install it into /opt/splunk, use:

 mv splunk_package_name.tgz /opt/splunk

2. In the installation directory, use the tar command to expand the file.

 tar xvzf splunk_package_name.tgz

3. Start Splunk Light.

 splunk/bin/splunk start --accept-license

4. Create your admin credentials.

This appears to be your first time running this version of Splunk.

An Admin password must be set before installation proceeds.
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password:

If you are installing using --no-prompt in the command line, then you are not prompted to create the administrator password. If you do not create a password, upon login Splunk displays a message that there is no user and you are unable to log into Splunk Enterprise.

To create credentials, edit $SPLUNK_HOME/etc/system/local/user-seed.conf, then restart Splunk Enterprise:

[user_info]
USERNAME = admin
PASSWORD = <your password>

For more information about options for creating a password, including password management for automated installations, see Create admin passwords for your Splunk Installation.

PREVIOUS
Install Splunk Light using Mac OS X
  NEXT
Run Splunk Light as a non-root user

This documentation applies to the following versions of Splunk® Light: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.3.0, 7.3.1, 7.3.2


Comments

Hi
1. DEFINITIONS. Capitalized terms used but not otherwise defined in this
--More--(2%)
I am not able to install splunk on ubuntu.. from here
installed .deb

R082191
March 16, 2019

Anonymous9coder, sorry we do not offer Splunk Light 32-bit for Linux. Regarding your installation issue I found a post on Splunk Answers that might be relevant: https://answers.splunk.com/answers/45469/forwarder-install-via-rpm-failed-dependencies.html.

Andrewb splunk, Splunker
October 4, 2018

Also do you have 32bit splunk light for older machines ?

Anonymous9coder
October 3, 2018

Hello Team ,
I get the below error while trying to install free splunk on my personal machine , I donno why ??
root@global:/proj/splunk# uname -a
Linux global 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:46:32 UTC 2018 i686 i686 i686 GNU/Linux

Error
root@global:/proj/splunk# rpm -i splunk-7.2.0-8c86330ac18-linux-2.6-x86_64.rpm
rpm: RPM should not be used directly install RPM packages, use Alien instead!
rpm: However assuming you know what you are doing...
error: Failed dependencies:
/bin/mv is needed by splunk-7.2.0-8c86330ac18.x86_64
/bin/sh is needed by splunk-7.2.0-8c86330ac18.x86_64
/bin/uname is needed by splunk-7.2.0-8c86330ac18.x86_64
/usr/sbin/groupadd is needed by splunk-7.2.0-8c86330ac18.x86_64
/usr/sbin/useradd is needed by splunk-7.2.0-8c86330ac18.x86_64

Anonymous9coder
October 3, 2018

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters