Assumptions
Installing Ubuntu is outside the scope of this post. However, I’m using VirtualBox on a Windows machine.
Directions
Download the free trial of Splunk Enterprise:
wget -O splunk-9.2.1-78803f08aabb-linux-2.6-amd64.deb "https://download.splunk.com/products/splunk/releases/9.2.1/linux/splunk-9.2.1-78803f08aabb-linux-2.6-amd64.deb"
If you get an error saying your username is not in the sudoers file (as I did), run the following command:
su root
This switches you to the root account. You will be prompted for the root password, which is probably the same one you set for your single user account when you created the VM.
Then we need to update the sudoers file. If visudo is available, prefer it over a plain editor: it checks the syntax before saving, and a broken /etc/sudoers locks everyone out of sudo.
nano /etc/sudoers
This opens the sudoers file, where we will add your username. Below the existing root entry, add this line, replacing user_name with your own username:
user_name ALL=(ALL) ALL
Save the file, then use the su command to switch back to your original username (or type exit to leave the root shell). sudo will still ask for your password, but your commands will now run.
Now we need to install Splunk from the .deb package we downloaded.
Next, we need to start the service.
sudo /opt/splunk/bin/splunk start
This will ask you to accept the license agreement and to choose an administrator username and password. Remember the password; you will use it in the next section. The output also prints the URL of your Splunk Web instance (port 8000 by default). Copy that into a browser.
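As an added example, not from the original post, here are the download, install and start steps collected into one POSIX shell script that also checks the package against the SHA-512 digest Splunk publishes beside each download before anything is installed. Two things in it are assumptions: that the digest sits at the package URL plus ".sha512", and that the digest file contains a single 128-hex-digit hash in either the sha512sum ("HASH  file") or the openssl ("SHA512(file)= HASH") layout; the verifier accepts both and fails closed if it finds neither. The script does nothing until SPLUNK_BOOTSTRAP=1 is set, so the functions can be sourced and tested first.

```shell
#!/bin/sh
# Added example (not from the original post): fetch the Splunk 9.2.1 .deb named
# above, check it against the published SHA-512 digest, then install and start it.
# Assumptions: the digest is published at the package URL plus ".sha512"; the
# digest file holds one 128-hex-digit SHA-512 in either "HASH  file" or
# "SHA512(file)= HASH" form. Nothing runs until SPLUNK_BOOTSTRAP=1 is set.
set -eu

SPLUNK_VERSION="9.2.1"
SPLUNK_BUILD="78803f08aabb"
SPLUNK_DEB="splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-linux-2.6-amd64.deb"
SPLUNK_URL="https://download.splunk.com/products/splunk/releases/${SPLUNK_VERSION}/linux/${SPLUNK_DEB}"

# Hex SHA-512 of a file, using sha512sum (GNU coreutils) or shasum (perl/BSD).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# Compare a file against a digest file; succeeds only on an exact match.
# Fails closed when the digest file has no usable SHA-512 in it.
verify_sha512() {
    _file="$1"
    _digest_file="$2"
    _expected=$(grep -oE '[0-9a-fA-F]{128}' "$_digest_file" | head -n1 | tr 'A-F' 'a-f')
    if [ -z "$_expected" ]; then
        echo "no SHA-512 digest found in $_digest_file" >&2
        return 1
    fi
    _actual=$(sha512_of "$_file")
    if [ "$_actual" != "$_expected" ]; then
        echo "CHECKSUM MISMATCH for $_file" >&2
        echo "  expected $_expected" >&2
        echo "  actual   $_actual" >&2
        return 1
    fi
    echo "checksum OK: $_file"
}

download() {
    wget -O "$SPLUNK_DEB" "$SPLUNK_URL"
    wget -O "$SPLUNK_DEB.sha512" "$SPLUNK_URL.sha512"   # assumed location of the digest
}

install_and_start() {
    sudo dpkg -i "$SPLUNK_DEB"
    # Interactive first start: accept the license, choose the admin credentials,
    # and note the Splunk Web URL it prints (port 8000 by default).
    sudo /opt/splunk/bin/splunk start
}

if [ "${SPLUNK_BOOTSTRAP:-0}" = "1" ]; then
    download
    # With set -e, a mismatch aborts here and the package is never installed.
    verify_sha512 "$SPLUNK_DEB" "$SPLUNK_DEB.sha512"
    install_and_start
fi
```

Run it with SPLUNK_BOOTSTRAP=1 sh install-splunk.sh. The digest check only confirms that what arrived matches what Splunk published over the same TLS connection; it catches a truncated or corrupted download, not a compromised download host. Two caveats the post's commands leave out: sudo /opt/splunk/bin/splunk start runs Splunk as root, which is acceptable for a throwaway lab VM but not beyond it (Splunk's own guidance is to run it as a dedicated non-root user), and Splunk Web listens on plain HTTP on port 8000 by default, fine on a host-only VirtualBox network but not on anything shared.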
Now we need data. Download the two tutorial files from the Splunk Search Tutorial documentation: the tutorial data archive and the prices lookup file.
Next we need to log in, using the username and password we chose before, and upload the tutorial files.
Click add data.
We are going to upload the files we downloaded from Splunk earlier, starting with the tutorial data archive.
Click upload.
We won’t change anything on the following pages; accept the defaults and continue to the end.
Repeat the same steps for the prices file.
After the upload completes, click Start Searching.
Now you are ready to start playing with Splunk. Have fun!