When is a quick lab Splunk install useful?
There are a few cases where a quick lab Splunk install can work to your advantage. One instance would be when you have log files (or anything else that Splunk will ingest) that you need to quickly investigate, or to demonstrate for someone else how useful Splunk is for this sort of work. Another case is when you have data you need to onboard and want to experiment with configurations and apps to determine what you should deploy in production.
What should you be aware of when building this system?
When building this type of system, assume a very short lifetime – use a VM (or a cloud instance), test what you need to, and then throw the system away. This lab is intended to get Splunk up and running as quickly as possible, without focusing on configuration best practices or deployment strategies you should consider for a permanent deployment.
Note: If you’re reading this, you’ll probably want to play around with Splunk for a bit in a temporary environment.
For this lab, I’ve chosen an Ubuntu 16.04 instance hosted by Linode. These steps will be similar regardless of what distribution or provider you choose – you will just need SSH access to the Linux host to get started. The free tier offered by Amazon AWS is a great way to get started without any upfront cost when experimenting.
Obviously, the low-cost cloud instances will be well below the minimum specifications for Splunk. As long as you are only working with a (very) small set of data, Splunk will still function in this type of environment, but you will likely notice degraded performance if you try to do any significant work on the system. That said, even the smallest cloud instances have been sufficient for most of the quick testing I have needed to do, but I tend to go with a larger machine when I need to work with anything more than a single sample file or two.
For this lab, the instance I’m using has a single CPU core and 2 GB of RAM, with 30 GB of SSD-backed storage. Definitely not something that should end up being your production Splunk instance!
3… 2… 1… GO! Time to install Splunk!
In this tutorial I will be showing you how to go from zero to Splunk in just a couple of minutes. I’ll walk you through the steps, and by the end you will know how to install Splunk on a Linux VM. Below you will find the video as well as the associated steps.
Before getting started, make sure you confirm that you can SSH into the Linux system where you will be running the installation. In this instance, I have logged in as root directly.
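Once you are on the host, a quick pre-flight check saves a failed install on an undersized or already-busy VM. The script below is an added example, not part of the original post: it assumes Splunk's default install path /opt/splunk and default ports 8000 (web) and 8089 (management), and the sizing thresholds in classify_host are lab heuristics chosen here, not Splunk's published requirements.

```shell
#!/usr/bin/env sh
# Pre-flight checks for a throwaway Splunk lab host (added example, not the post's code).
# Assumes /opt/splunk as the install path and Splunk's default ports 8000 and 8089.

# classify_host CORES RAM_MB DISK_GB -> prints "lab-only" or "workable".
# Thresholds are lab heuristics (assumption), not Splunk reference hardware.
classify_host() {
  cores=$1; ram_mb=$2; disk_gb=$3
  if [ "$cores" -lt 2 ] || [ "$ram_mb" -lt 4096 ] || [ "$disk_gb" -lt 20 ]; then
    echo lab-only
  else
    echo workable
  fi
}

# port_free PORT -> exit 0 if no TCP listener is bound to PORT (ss, else netstat).
port_free() {
  if command -v ss >/dev/null 2>&1; then
    ! ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":$1\$"
  else
    ! netstat -ltn 2>/dev/null | awk '{print $4}' | grep -q ":$1\$"
  fi
}

# free_disk_gb PATH -> free GB on the filesystem that will hold PATH
# (walks up to the nearest existing directory, since /opt/splunk does not exist yet).
free_disk_gb() {
  p=$1
  while [ ! -d "$p" ]; do p=$(dirname "$p"); done
  df -Pk "$p" | awk 'NR==2 {printf "%d\n", $4/1024/1024}'
}

main() {
  cores=$(nproc 2>/dev/null || echo 1)
  ram_mb=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo 2>/dev/null || echo 0)
  disk_gb=$(free_disk_gb /opt/splunk)
  echo "cores=$cores ram_mb=$ram_mb free_disk_gb=$disk_gb -> $(classify_host "$cores" "$ram_mb" "$disk_gb")"
  for port in 8000 8089; do
    if port_free "$port"; then echo "port $port: free"; else echo "port $port: IN USE, splunkd will fail to bind"; fi
  done
  if [ "$(id -u)" -eq 0 ]; then
    echo "running as root: Splunk will run as root unless you create a dedicated splunk user first"
  fi
}

main "$@"
```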