How to Install Your Splunk Server on Linux

Splunk is one of the most widespread SIEM solutions because of its broad functionality: robust, powerful software and a flexible, well-supported query language.

Splunk server installation can be achieved in two modes:

- Clustering architecture: contains several nodes, some of which are the cluster master, license master, search heads, indexers, etc.

- All-in-one: contains all of these servers in one server only. This way is very useful if you have a small business or are creating an environment for learning.

In this blog we will show in brief how to install an all-in-one Splunk server on Ubuntu.

Let's go!

First, you should make your machine ready and update it:

apt-get update

- Then download your package from the official Splunk website.

- Install the package using the package manager.

- After the installation completes, check the status.

- Then start your Splunk instance using the following command in this path, and enter your administrator user name and password.

- After that is complete, it will give you the GUI URL to access the Splunk server.

- Before you open the GUI, make the last step: enable boot start.

Your instance is ready now!
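The steps above as one script, added here as an example and not taken from the original post. The package file name and digest in the usage comment are placeholders, `/opt/splunk` is assumed to be where the `.deb` installs Splunk, and the checksum check and `DRY_RUN` switch are additions that assume you have a trusted SHA-256 digest for the package.

```shell
#!/usr/bin/env bash
# Added example: all-in-one Splunk install on Ubuntu. Run as root.
# Assumption: the .deb package installs Splunk under /opt/splunk.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# run CMD...: execute the command, or only print it when DRY_RUN=1,
# so the plan can be reviewed before anything touches the host.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# verify_pkg FILE SHA256: reject a package whose digest does not match
# the expected value (returns 2 if the file is missing, 1 on mismatch).
verify_pkg() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing package: $file" >&2; return 2; }
    actual="$(sha256sum "$file" | awk '{print $1}')"
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $file" >&2; return 1; }
}

# install_splunk FILE SHA256: the post's steps in order. The package is
# verified first, so a bad download changes nothing on the system.
install_splunk() {
    local pkg="$1" sha="$2"
    verify_pkg "$pkg" "$sha" || return 1
    run apt-get update                                   # make the machine ready
    run dpkg -i "$pkg"                                   # install the package
    run dpkg --status splunk                             # check the install status
    run "$SPLUNK_HOME/bin/splunk" start --accept-license # prompts for admin user/password
    run "$SPLUNK_HOME/bin/splunk" enable boot-start      # start Splunk at boot
}

# Usage (placeholders, replace with your own values):
#   DRY_RUN=1 install_splunk ./splunk-<version>.deb <sha256-of-package>
#   install_splunk ./splunk-<version>.deb <sha256-of-package>
```
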
