FASTEST SPLUNK INSTALLATION FOR YOUR HOMELAB- PART 1

DANIEL AWEDA
4 min read · Jun 15, 2023


Splunk is a powerful software platform used for collecting, indexing, searching, analyzing, and visualizing machine-generated data in real-time. It is primarily used for monitoring, troubleshooting, and gaining insights from log files, event data, metrics, and other forms of machine-generated data.

Here are some key features and capabilities of Splunk:

  1. Data Collection
  2. Indexing and Search
  3. Real-time Monitoring
  4. Data Analysis and Visualization
  5. Security and Compliance
  6. IT Operations and Infrastructure Monitoring
  7. Log Management and Troubleshooting
  8. Machine Learning and AI Integration

Splunk is highly versatile and finds applications across industries and use cases, including IT operations, cybersecurity, application performance monitoring, business analytics, IoT data analysis, and more. Its flexible architecture, extensive ecosystem, and large community support make it a popular choice for managing and extracting value from machine-generated data.

A. INSTALL DOCKER ENGINE ON UBUNTU VM

Install using the apt repository

Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.

Set up the repository

  1. Update the apt package index and install packages to allow apt to use a repository over HTTPS:
$ sudo apt-get update 
$ sudo apt-get install ca-certificates curl gnupg

2. Add Docker’s official GPG key:

$ sudo install -m 0755 -d /etc/apt/keyrings 
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
$ sudo chmod a+r /etc/apt/keyrings/docker.gpg

3. Use the following command to set up the repository:

$ echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine

  1. Update the apt package index:
$ sudo apt-get update

2. Install Docker Engine, containerd, and Docker Compose.

To install the latest version, run:

$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify that the Docker Engine installation is successful by running the hello-world image.

$ sudo docker run hello-world

B. RUN SPLUNK IN THE DOCKER CONTAINER

  1. Run the following command to pull the latest images into your environment:
$ docker pull splunk/splunk:latest

2. Use the following command to start a single instance of Splunk Enterprise:

$ docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=<password>" --name splunk splunk/splunk:latest

Remember to replace <password> with a password of your choice. Splunk rejects admin passwords shorter than 8 characters, and the value in the example below is only suitable for a throwaway lab.

For example:

sudo docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=test1234" --name splunk splunk/splunk:latest

3. Access Splunk Web at http://localhost:8000 with the username admin and the password you set in SPLUNK_PASSWORD. Note that -p 8000:8000 publishes Splunk Web on every interface of the VM; on a shared network, bind it to the loopback address instead (-p 127.0.0.1:8000:8000) and reach it over SSH port forwarding.
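The two commands of section B, wrapped the way a homelab deployment should be. This is an added example and not code from the original post or from the splunk/splunk image project: it checks the password against Splunk's 8-character minimum before starting anything, passes the password with --env-file instead of -e so it never lands in shell history or `ps` output, publishes Splunk Web on 127.0.0.1 only, and waits for the web port before reporting success. The env file name ./splunk_admin.env and the SPLUNK_LAB_APPLY=1 switch are assumptions made here; the image's SPLUNK_START_ARGS and SPLUNK_PASSWORD variables are the ones the post uses.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: the "docker run" step
# from section B with the checks a homelab install should have.
# Assumed names (not from the post): env file ./splunk_admin.env, and
# SPLUNK_LAB_APPLY=1 as the switch that actually runs Docker.
set -eu

SPLUNK_IMAGE="splunk/splunk:latest"
SPLUNK_CONTAINER="splunk"
SPLUNK_ENV_FILE="${SPLUNK_ENV_FILE:-./splunk_admin.env}"

# Splunk Enterprise's default password policy rejects admin passwords
# shorter than 8 characters; checking here avoids a container that
# starts, fails first-time setup and exits.
check_password_policy() {
  local pw="$1"
  if [ "${#pw}" -lt 8 ]; then
    echo "password must be at least 8 characters" >&2
    return 1
  fi
  case "$pw" in
    *[[:space:]]*) echo "password must not contain whitespace" >&2; return 1 ;;
  esac
  return 0
}

# 18 random bytes from /dev/urandom, base64-encoded, with the characters
# that are awkward inside an env file removed; yields 20 to 24 characters.
gen_password() {
  head -c 18 /dev/urandom | base64 | tr -d '\n/+='
}

# Write the two variables the image reads (SPLUNK_START_ARGS and
# SPLUNK_PASSWORD) to a file only the current user can read, so the
# password is passed with --env-file instead of -e and never lands in
# shell history or `ps` output. It is still visible through
# `docker inspect` to anyone who can reach the Docker socket.
write_env_file() {
  local env_file="$1" pw="$2"
  check_password_policy "$pw"
  ( umask 077
    printf 'SPLUNK_START_ARGS=--accept-license\nSPLUNK_PASSWORD=%s\n' "$pw" >"$env_file" )
}

# Arguments for "docker run", one per line, so they can be inspected
# without Docker. Binding to 127.0.0.1 keeps Splunk Web off the LAN;
# reach it over SSH port forwarding, or change the bind address
# deliberately once you have decided who should see it.
splunk_run_args() {
  local env_file="$1"
  printf '%s\n' \
    -d --name "$SPLUNK_CONTAINER" \
    -p "127.0.0.1:8000:8000" \
    --env-file "$env_file" \
    "$SPLUNK_IMAGE"
}

# Poll Splunk Web until it answers; the image runs its Ansible setup
# first, which takes a minute or two. curl -f fails on 5xx, so the
# "Splunk is starting" page does not count as up.
wait_for_splunk_web() {
  local tries="${1:-60}"
  while [ "$tries" -gt 0 ]; do
    if curl -fsS -o /dev/null http://127.0.0.1:8000/; then
      return 0
    fi
    sleep 5
    tries=$((tries - 1))
  done
  echo "Splunk Web did not come up on 127.0.0.1:8000" >&2
  return 1
}

main() {
  local pw
  pw="$(gen_password)"
  write_env_file "$SPLUNK_ENV_FILE" "$pw"
  docker pull "$SPLUNK_IMAGE"
  # The argument list contains no spaces, so unquoted expansion is safe.
  docker run $(splunk_run_args "$SPLUNK_ENV_FILE")
  wait_for_splunk_web
  echo "Splunk Web: http://127.0.0.1:8000  user: admin  password: see $SPLUNK_ENV_FILE"
}

if [ "${SPLUNK_LAB_APPLY:-0}" = "1" ]; then
  main
fi
```

Run it as `SPLUNK_LAB_APPLY=1 ./splunk_lab.sh` (with sudo, or as a member of the docker group) to pull the image and start the container; without the switch it only defines the functions, so you can source it and call `splunk_run_args` to see exactly what would be executed.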

C. INSTALL ADDITIONAL APPS FROM SPLUNKBASE

Go to https://splunkbase.splunk.com/. In the search field, type the name of a Splunk app, e.g. Eventgen. Make sure you are logged in to Splunkbase before you download the installation file; if you don’t have a Splunk account, create one first.

  1. The Splunk Event Generator (Eventgen) is a utility which allows its users to easily build real-time event generators.
  2. The Splunk Dashboard Examples delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML.
  3. The Security Monitoring for Splunk app gives a view of your ingested operational security data. It provides a suggested list of security data sources to ingest, explains why each one is worth monitoring, and assigns it a suggested priority. The app includes tutorials, pointers for things to look out for in your data, built-in help on dashboards, and guidance on configuring data feeds into Splunk. It is designed to give you as much information and detail as possible without the need to use the Splunk search bar.

Download these three apps and let’s get ready to install them.

Open Splunk Web in your browser and locate the Apps menu. Next to it is a gear icon that opens the app management page. Click it.

The page lists the apps already installed on your Splunk instance. Locate “Install app from file”.

Choose the file you downloaded, and tick the “Upgrade app” option if an older version of the same app is already installed.
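The same installation done from the shell against the running container, as an added example that is not part of the original post. A Splunkbase package is a gzipped tarball that splunkd unpacks under /opt/splunk/etc/apps, so before handing it over the script lists the members and refuses anything that would write outside a single app directory, then uses the Splunk CLI's `install app` command with `-update 1`, which does what the “Upgrade app” checkbox does. The container name "splunk" and the ./splunk_admin.env file holding a SPLUNK_PASSWORD=... line are assumptions made here, as is the SPLUNK_LAB_APPLY=1 switch that actually runs Docker.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: install a package
# downloaded from Splunkbase into the running container from the shell,
# doing what the "Install app from file" dialog does. Assumed names (not
# from the post): container "splunk", env file ./splunk_admin.env with a
# SPLUNK_PASSWORD=... line, and SPLUNK_LAB_APPLY=1 as the run switch.
set -eu

SPLUNK_CONTAINER="${SPLUNK_CONTAINER:-splunk}"
SPLUNK_ENV_FILE="${SPLUNK_ENV_FILE:-./splunk_admin.env}"

# Splunkbase packages (.tgz or .spl) are plain gzipped tarballs that
# splunkd unpacks into /opt/splunk/etc/apps. Before handing one over,
# list its members and refuse any that would land outside a single app
# directory, and require the app.conf every real package carries.
# Prints the app directory name on success.
check_app_tarball() {
  local pkg="$1" list app
  list="$(tar -tzf "$pkg")" || return 1
  if printf '%s\n' "$list" | grep -Eq '(^/|^\.\.(/|$)|/\.\.(/|$))'; then
    echo "refusing $pkg: a member path escapes the app directory" >&2
    return 1
  fi
  app="$(printf '%s\n' "$list" | head -n 1)"
  app="${app%%/*}"
  if [ -z "$app" ] || printf '%s\n' "$list" | grep -v "^$app/" | grep -q .; then
    echo "refusing $pkg: members are not all under one app directory" >&2
    return 1
  fi
  if ! printf '%s\n' "$list" | grep -Fxq "$app/default/app.conf" \
     && ! printf '%s\n' "$list" | grep -Fxq "$app/local/app.conf"; then
    echo "refusing $pkg: no $app/default/app.conf" >&2
    return 1
  fi
  printf '%s\n' "$app"
}

# Copy the package in and let the Splunk CLI install it. "-update 1"
# overwrites an existing copy, which is what the "Upgrade app" checkbox
# does in the dialog. The CLI takes the admin credentials on the command
# line, so the password is briefly visible in the container's process
# list; run as the splunk user so the app files get the right owner.
install_app() {
  local pkg="$1" app pw
  app="$(check_app_tarball "$pkg")"
  pw="$(sed -n 's/^SPLUNK_PASSWORD=//p' "$SPLUNK_ENV_FILE")"
  docker cp "$pkg" "$SPLUNK_CONTAINER:/tmp/$app.tgz"
  docker exec -u splunk "$SPLUNK_CONTAINER" \
    /opt/splunk/bin/splunk install app "/tmp/$app.tgz" -update 1 -auth "admin:$pw"
  # Most apps only load after a restart; the container itself keeps running.
  docker exec -u splunk "$SPLUNK_CONTAINER" /opt/splunk/bin/splunk restart
}

if [ "${SPLUNK_LAB_APPLY:-0}" = "1" ]; then
  install_app "$1"
fi
```

Usage: `SPLUNK_LAB_APPLY=1 ./splunk_install_app.sh ~/Downloads/eventgen.tgz`. The tarball check is the part worth keeping even if you install through the web dialog: a package whose members are not all under one directory, or that carries a `../` or absolute path, is not something you want splunkd unpacking as the splunk user.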

…. Continue to part 2

REFERENCES:

  1. https://hub.docker.com/r/splunk/splunk/
  2. https://docs.docker.com/engine/install/ubuntu/
  3. https://splunkbase.splunk.com/

DANIEL AWEDA

Security Analyst by Day | Ethical Hacker by Night | Top 4% TryHackMe | Promotes Cybersecurity Awareness | Cloud | ServiceNow