Install Splunk Enterprise 9.0 on RHEL/CentOS 8

Splunk Enterprise is a data platform designed to help businesses manage big data and analyze machine data. It can be deployed on-premises or in the cloud via the Splunk Cloud Platform and enables you to search, analyze and visualize your data to quickly act on insights from across your technology landscape.

Installing and starting Splunk Enterprise 9.0.4 on RHEL 8 (or CentOS 8):

1. Download the RPM package and install it with the dnf or rpm command:
[root@unixonline ~]# dnf localinstall splunk-9.0.4-de405f4a7979-linux-2.6-x86_64.rpm
Or
[root@unixonline ~]# rpm -ivh splunk-9.0.4-de405f4a7979-linux-2.6-x86_64.rpm

2. Start the Splunk service:

### After Splunk starts, the license text is shown. Press Enter to page through it, then type y to agree.
### Choose an administrator username and password for accessing the Splunk web UI.
[root@unixonline ~]# /opt/splunk/bin/splunk start
SPLUNK GENERAL TERMS

Last Updated: August 12, 2021

These Splunk General Terms ("General Terms") between Splunk Inc., a Delaware
corporation, with its principal place of business at 270 Brannan Street, San
Francisco, California 94107, U.S.A ("Splunk" or "we" or "us" or "our") and you
("Customer" or "you" or "your") apply to the purchase of licenses and
subscriptions for Splunk's Offerings. By clicking on the appropriate button,
or by downloading, installing, accessing or using the Offerings, you agree to
these General Terms. If you are entering into these General Terms on behalf of
Customer, you represent that you have the authority to bind Customer. If you
do not agree to these General Terms, or if you are not authorized to accept
the General Terms on behalf of the Customer, do not download, install, access,
or use any of the Offerings.
.
.
.


"Statement of Work" means the statements of work and/or any and all applicable
Orders, that describe the specific services to be performed by Splunk,
including any materials and deliverables to be delivered by Splunk.
Do you agree with this license? [y/n]: y

This appears to be your first time running this version of Splunk.

Splunk software must create an administrator account during startup. Otherwise, you cannot log in.
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.

Please enter an administrator username: admin   ###Enter Splunk administration Username
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password:                    ###Enter Splunk administration Password
Please confirm new password:                    ###confirm Splunk administration Password
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
.........+++++
..........+++++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 2048 bit long modulus
............+++++
......................+++++
e is 65537 (0x10001)
writing RSA key

Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
splunkd 78797 was not running.
Stopping splunk helpers...
                                                           [  OK  ]
Done.
Stopped helpers.
Removing stale pid file... done.

Splunk> Australian for grep.

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
                Creating: /opt/splunk/var/lib/splunk
                Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunk/var/run/splunk/upload
                Creating: /opt/splunk/var/run/splunk/search_telemetry
                Creating: /opt/splunk/var/spool/splunk
                Creating: /opt/splunk/var/spool/dirmoncache
                Creating: /opt/splunk/var/lib/splunk/authDb
                Creating: /opt/splunk/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunk/etc/auth'.
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _configtracker _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket history main summary
        Done
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-9.0.4-de405f4a7979-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a RSA private key
............................+++++
.............+++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=unixonline/O=SplunkUser
Getting CA Private Key
writing RSA key
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available................. Done


If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://unixonline:8000
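
The startup output above reports PYTHONHTTPSVERIFY set to 0 and publishes the web interface over plain http. The script below is an added example, not part of the original post or of Splunk's own tooling: it reads both settings back from the configuration files. The function names are hypothetical, the sample files are constructed, and enableSplunkWebSSL is the web.conf [settings] key that switches Splunk Web to HTTPS (it does not appear in the output above).

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical; sample files are constructed.

# Print the value of KEY from a Splunk-style conf file.
# $1=file  $2=key  $3=stanza (empty = settings before any [stanza] header)
# Comment lines are skipped; if a key repeats, the last occurrence is printed.
conf_value() {
    awk -v key="$2" -v want="$3" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s); stanza = s; next }
        stanza == want {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Exit 0 only if certificate validation is on for Splunk's embedded Python.
python_verify_enabled() {
    [ "$(conf_value "$1" PYTHONHTTPSVERIFY)" = "1" ]
}

# Exit 0 only if web.conf [settings] turns on HTTPS for Splunk Web.
web_ssl_enabled() {
    case "$(conf_value "$1" enableSplunkWebSSL settings | tr 'A-Z' 'a-z')" in
        1|true) return 0 ;;
        *)      return 1 ;;
    esac
}

# $1=splunk-launch.conf  $2=web.conf; prints findings, returns how many.
audit() {
    n=0
    python_verify_enabled "$1" || { echo "FINDING: PYTHONHTTPSVERIFY is not 1 in $1"; n=$((n + 1)); }
    web_ssl_enabled "$2"       || { echo "FINDING: Splunk Web is served over plain HTTP per $2"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files mirroring what the startup output reports.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'SPLUNK_SERVER_NAME=Splunkd' \
    'PYTHONHTTPSVERIFY=0' > "$demo/splunk-launch.conf"
printf '%s\n' '[settings]' 'httpport = 8000' \
    'enableSplunkWebSSL = false' > "$demo/web.conf"
audit "$demo/splunk-launch.conf" "$demo/web.conf" || echo "$? finding(s)"
```

On the host from this walkthrough, the files to pass are /opt/splunk/etc/splunk-launch.conf and /opt/splunk/etc/system/local/web.conf. Settings layered in from apps are not seen by this single-file check.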

3. Open the Splunk URL generated in step 2 in a web browser:

The Splunk web interface is at http://unixonline:8000

As shown above, the link to access Splunk is “http://unixonline:8000”. Note that this is my access link; your installation prints its own link, and I suggest using that one to avoid confusion.

4. If Splunk is not accessible, run the following commands to add an exception for the Splunk web port (8000, as shown in the startup output) to your firewall settings:

firewall-cmd --zone=public --permanent --add-port 8000/tcp
firewall-cmd --reload

Now access your Splunk web UI.


5. Enter the username and password that you set while installing Splunk and log in to the Splunk web UI:

*** For activating Splunk Enterprise, please refer to “Splunk Enterprise 9.0 license activation for test cases on Linux”.

Download Splunk 9.0.4 (Linux OS):

Link: Splunk Enterprise For Linux RPM
Size: 573.05 MB

Link: Splunk Enterprise For Linux DEB
Size: 444.76 MB

Link: Splunk Enterprise For Linux TGZ
Size: 572.71 MB

Download Splunk 9.0.4 license activation(Linux OS):

Splunk Keygen + How to Activate it (Splunk_Keygens.zip)
Size: 9.08 MB

*** NOTICE: FYI, it's for test purposes only and is not recommended on production systems.
