Installing Splunk on Ubuntu 14.04

Download the latest version of Splunk Light (Currently version 6.5) to your download folder.

[email protected]:~/Downloads$ wget -O splunklight-6.5.0-59c8927def0f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.5.0&product=splunk_light&filename=splunklight-6.5.0-59c8927def0f-Linux-x86_64.tgz&wget=true'

Extract the archive to the /opt/ folder.

[email protected]:~/Downloads$ sudo tar zvzf splunklight-6.5.0-59c8927def0f-Linux-x86_64.tgz -C /opt/

Export the folder where Splunk is installed to your environment.

[email protected]:/opt/splunk$ echo 'export SPLUNK_HOME=/opt/splunk/' >> ~/.bashrc 
[email protected]:/opt/splunk$ source ~/.bashrc

Make sure the rights of the /opt/splunk/ folder are correctly set.

[email protected]:/opt$ sudo chown -R jitsejan:root splunk/ 

Enable access to the Splunk web interface by adding a subdomain that links to the right port.

[email protected]:/etc/nginx/sites-available$ sudo nano splunk

Add the following to the configuration file. Change the subdomain and port to the right values for you.

server {
    listen 80;
    server_name subdomain.jitsejan.com;

    location / {
        proxy_pass http://localhost:8888;
    }
}

Enable the subdomain by creating a system link.

[email protected]:/etc/nginx/sites-available$ sudo ln -s /etc/nginx/sites-available/splunk /etc/nginx/sites-enabled/

And finally restart the server.

[email protected]:/etc/nginx/sites-available$ sudo service nginx restart

Now you can open up the browser and go the the subdomain that you just introduced.