{"id":62865,"date":"2020-11-02T16:25:45","date_gmt":"2020-11-02T21:25:45","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/?p=62865"},"modified":"2021-08-16T15:29:16","modified_gmt":"2021-08-16T19:29:16","slug":"install-splunk","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/","title":{"rendered":"Install Splunk on Linux &#8211; Complete Setup Guide"},"content":{"rendered":"<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"538\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux-1024x538.png\" alt=\"Setup Splunk on Linux - Getting Started Guide\" class=\"wp-image-65603\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux-1024x538.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux-300x158.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux-768x403.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux.png 1200w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>We have many guides on securing common web hosting solutions: cPanel servers, bare cloud servers, and even the popular WordPress content management system (CMS). Each includes great technical controls for a proactive approach to defense in depth. However, nothing can detect and prevent everything. The only way to address this is to apply administrative controls, primarily log auditing.<\/p>\n\n\n\n<p>Audit log management, also known as security information management (SIM), is more than website analytics such as page visits, bounce rate, and referral URLs. 
It includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Uptime<\/li><li>Account-specific actions<\/li><li>File change management<\/li><li>Login attempts and failures<\/li><li>Port and other reconnaissance scans<\/li><li>Incoming and outgoing network traffic<\/li><\/ul>\n\n\n\n<p class=\"alert alert-info\">The processes for auditing system-wide information and events are known respectively as security information management (SIM) and security event management (SEM). Combining the two types of information is known as security information and event management (SIEM).<\/p>\n\n\n\n<p>Server logs are oftentimes neglected if not natively accessible from a graphical user interface (GUI). Proactively scanning these logs can help you understand your residual risk to cyber attacks not prevented by current technical controls and how to strengthen your security stance.<\/p>\n\n\n\n<p>Below we\u2019ll cover:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"#what\">What is Splunk?<\/a><\/li><li><a href=\"#install\">Installing Splunk<\/a><ul><li><a href=\"#centos\">CentOS<\/a><\/li><li><a href=\"#debian\">Debian\/Ubuntu<\/a><ul><li><a href=\"#shell\">Change Default Debian Shell<\/a><\/li><\/ul><\/li><\/ul><\/li><li><a href=\"#setup\">Setting up Splunk<\/a><\/li><li><a href=\"#login\">Logging into Splunk<\/a><\/li><li><a href=\"#password\">Resetting Splunk admin credentials<\/a><ul><li><a href=\"#username\">Splunk username<\/a><\/li><\/ul><\/li><li><a href=\"#monitor\">Monitoring data in Splunk<\/a><\/li><li><a href=\"#apps\">Splunk apps and installation<\/a><ul><li><a href=\"#dashboard\">Within dashboard<\/a><\/li><li><a href=\"#manual\">Manually<\/a><\/li><\/ul><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what\">What is Splunk?<\/h2>\n\n\n\n<p>Splunk Enterprise is a SIEM application that gathers, organizes, and visualizes machine-generated log data from local and remote machines, websites, and cloud services. 
Having Splunk set up with your physical and cloud systems can be valuable for staying ahead of cybersecurity, connectivity, and other big data initiatives.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install\">How to Install Splunk Enterprise<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"centos\">Install Splunk Enterprise on CentOS<\/h3>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Create an account on Splunk.com.<\/li><li>Select <strong>Free Splunk<\/strong> in the upper-right corner.<\/li><li>Select <strong>Free Splunk<\/strong>.<\/li><li>Select <strong>Linux<\/strong>, then <strong>Download Now<\/strong> beside <code>.rpm<\/code>.<\/li><li><a href=\"https:\/\/www.inmotionhosting.com\/support\/website\/how-to-upload-files-server\/\">Upload the file to your server<\/a>.<\/li><li><a href=\"https:\/\/www.inmotionhosting.com\/support\/server\/ssh\/how-to-login-ssh\/\">SSH into your server<\/a> as root.<\/li><li>Install the Splunk Enterprise RPM file:<pre>rpm -i path-to-file\/splunk-versionnumber.rpm<\/pre><\/li><li><a href=\"#setup\">Continue to Splunk setup<\/a>.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"debian\">Install Splunk Enterprise on Debian\/Ubuntu<\/h3>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Create an account on Splunk.com.<\/li><li>Select <strong>Free Splunk<\/strong> in the upper-right corner.<\/li><li>Select <strong>Free Splunk<\/strong>.<\/li><li>Select <strong>Linux<\/strong>, then <strong>Download Now<\/strong> beside <code>.deb<\/code>.<\/li><li>Upload the file to your server with SCP, replacing the filename, username, and server hostname as needed:<pre>scp splunk-versionnumber.deb root@11.22.33.44:\/root<\/pre><\/li><li>SSH into your server as root.<\/li><li>Install the Splunk Enterprise DEB file:<pre>dpkg -i splunk-versionnumber.deb<\/pre><\/li><li>Verify Splunk installation status:<pre>dpkg --status splunk<\/pre><\/li><li><a href=\"#setup\">Continue to Splunk setup<\/a>.<\/li><\/ol>\n\n\n\n<h4 
class=\"wp-block-heading\" id=\"shell\">Change Your Default Shell<\/h4>\n\n\n\n<p>Splunk recommends using <code>bash<\/code> as your default shell as Debian\u2019s default shell, <code>dash<\/code>, may cause zombie processes which cannot be killed. Below we\u2019ll cover how to change your default Debian shell.<\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Find your default shell:<pre>which sh<\/pre><\/li><li>You should see <code>\/bin\/sh<\/code> or another symbolic link. Use ls to find the actual shell:<pre>ls -l \/bin\/sh<\/pre><\/li><li>If it doesn\u2019t show <code>bash<\/code> at the end, view installed shells to ensure it is installed:<pre>cat \/etc\/shells<\/pre><\/li><li>Delete the symbolic link:<pre>rm \/bin\/sh<\/pre><\/li><li>Create a new symbolic link pointing \/bin\/sh to bash:<pre>ln -s \/bin\/bash \/bin\/sh<\/pre><\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"setup\">Complete Splunk Setup<\/h2>\n\n\n\n<p>After you install Splunk, follow the steps below to complete your Splunk setup.<\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Use Splunk to start the Splunk service:<pre>\/opt\/splunk\/bin\/splunk start<\/pre><\/li><li>Read the license agreement. At the end, select <kbd>y<\/kbd> and <kbd>Enter<\/kbd>.<\/li><li>Create a username.<\/li><li>Create a password with at least eight characters.<\/li><li>Once Splunk installation is complete, the last line will provide the URL to access the web interface: <code>http:\/\/serverhostname:8000<\/code>.<\/li><li>Open port 8000 in your firewall: Firewalld, UFW, CSF, etc. 
<p class=\"alert alert-warning\">Keep in mind that if you get locked out of your server and restart it, you\u2019ll need to start the Splunk service again before you can access the Splunk dashboard.<\/p><\/li><li>Open your Splunk web interface in your browser.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"login\">How to Log into the Splunk Dashboard<\/h2>\n\n\n\n<p>There are multiple options for logging into your Splunk dashboard depending on your server configuration. What matters most is that you use <code>:8000<\/code> at the end.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Server hostname<\/td><td>http:\/\/vps#####.inmotionhosting.com:8000<\/td><\/tr><tr><td>Server IP address<\/td><td>http:\/\/1.2.3.4:8000<\/td><\/tr><tr><td>Primary domain<\/td><td>http:\/\/domain.com:8000<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-login-1024x576.png\" alt=\"Splunk web interface login\" class=\"wp-image-62874\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-login-1024x576.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-login-300x169.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-login-768x432.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-login-1536x864.png 1536w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-login.png 1920w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"password\">How to Reset Your Splunk Administrator Password<\/h3>\n\n\n\n<p>There\u2019s no \u201cForgot password\u201d link on the native Splunk login 
page. You\u2019ll need to edit the Splunk <code>passwd<\/code> file.<\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>SSH into your server.<\/li><li>Navigate to your Splunk \/etc directory (e.g. <code>cd \/opt\/splunk\/etc<\/code>). You can use the <code>find<\/code> command if needed.<pre>find \/ -iname splunk | grep etc<\/pre> <p class=\"alert alert-danger\">Don\u2019t edit a file in the <code>\/virtfs<\/code> directory.<\/p><\/li><li>Rename the file <code>passwd<\/code> to something else:<pre>mv passwd passwd.backup20201030<\/pre><\/li><li>Navigate to the Splunk <code>system\/local<\/code> directory:<pre>cd ..\/system\/local<\/pre><\/li><li>Create and edit a new file:<pre>nano user-seed.conf<\/pre><\/li><li>Inside the new file, add the following with a new username and password:<br><code>[user_info]<\/code><br><code>USERNAME = admin<\/code><br><code>PASSWORD = C0mp!c@T3Dp@s$w0RD<\/code><\/li><li>Save your file.<\/li><li>Restart Splunk to create a new passwd file:<pre>\/opt\/splunk\/bin\/splunk restart<\/pre><\/li><li>Log into your Splunk web interface with the new username and password.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"username\">Change Splunk Admin Username<\/h3>\n\n\n\n<p>If you want to change your admin username, possibly because you\u2019ve noticed brute force login attacks for predictable usernames, follow the steps below to better secure your Splunk setup.<\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Edit your Splunk passwd file:<pre>nano \/opt\/splunk\/etc\/passwd<\/pre><\/li><li>Edit the username at the beginning of the file.<\/li><li>Save your changes.<\/li><li>Restart Splunk:<pre>\/opt\/splunk\/bin\/splunk restart <\/pre><\/li><li>Log into Splunk.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"monitor\">Monitor Data in Splunk<\/h2>\n\n\n\n<p>Below we\u2019ll cover how to add your first log source into your Splunk setup.<\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Log into your Splunk web 
interface.<\/li><li>Select <strong>Add Data<\/strong>.<\/li><li>At the bottom, select <strong>Monitor<\/strong>.<\/li><li>On the left of the <em>Select Source<\/em> page, select <strong>Files &amp; Directories<\/strong>.<\/li><li>Select <strong>Browse<\/strong>.<\/li><li>Specify a file or directory to monitor and click <strong>Select<\/strong>. For example, you can monitor a cPanel log, Apache access log (similar to GoAccess Analytics), or a cPanel user directory. We\u2019ll use the <code>\/var\/log\/secure<\/code> log file, which tracks SSH logins and authentication failures on CentOS. Debian\/Ubuntu users will instead use <code>\/var\/log\/auth.log<\/code>.<\/li><li>Select <strong>Continuously Monitor<\/strong> to show updates to the log file in real time.<\/li><li>At the top, select <strong>Next<\/strong> to access the Set Source Type page.<\/li><li><em>Source type<\/em> on the left should state \u201clinux_secure\u201d so Splunk knows it is Linux security information. Otherwise, select the button and select <code>linux_secure<\/code> from the drop-down menu.<\/li><li>Select <strong>Next<\/strong> at the top.<\/li><li>(Optional) On the <em>Input Settings<\/em> page, you can change the App context, machine hostname, and Index.<\/li><li>Select <strong>Review<\/strong>.<\/li><li>Ensure everything is correct and select <strong>Submit<\/strong>.<\/li><li>You\u2019ll see \u201c<em>File input has been created successfully<\/em>.\u201d Select <strong>Start Searching<\/strong>.<\/li><li>To modify the event results, select <strong>Settings<\/strong> and <strong>Data Inputs<\/strong> from the upper-right corner.<\/li><li>Select the data input type on the left. 
For this example, we\u2019ll select <strong>Files &amp; Directories<\/strong>.<\/li><li>Select <em>Enable<\/em> or <em>Disable<\/em> for the data path in the Status column.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"apps\">Splunk Apps and Add-ons<\/h2>\n\n\n\n<p>You can customize your Splunk setup with a massive database of apps and add-ons for better data analysis for your specific server environment. You can install Splunk apps from Splunkbase.Splunk.com\/apps or directly within your Splunk dashboard.<\/p>\n\n\n\n<p>From your Splunk dashboard, select the gear icon on the left beside <em>Apps<\/em>. On other pages, select <strong>Apps<\/strong> and <strong>Manage Apps<\/strong> from the top-left of the page. From here you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Disable and enable installed apps<\/li><li>Modify permissions<\/li><li>Update settings<\/li><li>Launch apps<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-apps-1024x576.png\" alt=\"Install Splunk apps status\" class=\"wp-image-62870\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-apps-1024x576.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-apps-300x169.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-apps-768x432.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-apps-1536x864.png 1536w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-apps.png 1920w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure>\n\n\n\n<p>At the top are links to browse installable Splunk apps, install apps manually, and create an app.<\/p>\n\n\n\n<h3 
class=\"wp-block-heading\" id=\"dashboard\">Install Apps in Splunk Dashboard<\/h3>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"559\" src=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-app-install-website-monitoring-1024x559.png\" alt=\"Splunk apps in web interface\" class=\"wp-image-62871\" srcset=\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-app-install-website-monitoring-1024x559.png 1024w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-app-install-website-monitoring-300x164.png 300w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-app-install-website-monitoring-768x419.png 768w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-app-install-website-monitoring-1536x838.png 1536w, https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/splunk-app-install-website-monitoring.png 1920w\" sizes=\"auto, (min-width: 1360px) 876px, (min-width: 960px) calc(61.58vw + 51px), calc(100vw - 80px)\" \/><\/figure><\/div>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>From the Splunk homepage, select <strong>+ Find More Apps<\/strong> on the left.<\/li><li>On the left, search for an app.<\/li><li>Select the <strong>Install<\/strong> button for the app you wish to install. We\u2019ll use the <strong>Website Monitoring<\/strong> Splunk app for our example.<\/li><li>Provide your Splunk.com user credentials, then accept the terms and conditions.<\/li><li>Select <strong>Login and Install<\/strong>.<\/li><li>If notified \u201c<em>Restart Required<\/em>,\u201d select <strong>Restart Now<\/strong>. 
Click <strong>OK<\/strong> once the restart is successful.<\/li><li>Log back into your Splunk dashboard.<\/li><li>Select <strong>Apps<\/strong> at the top or return to the homepage to see the new app available on the left.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"manual\">Manually Install Splunk Apps<\/h3>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Visit https:\/\/Splunkbase.Splunk.com.<\/li><li>At the top, search for an app.<\/li><li>Select an app. We\u2019ll use the <a rel=\"noreferrer noopener\" href=\"https:\/\/splunkbase.splunk.com\/app\/1620\/\" target=\"_blank\">Splunk Add-on for Cisco ASA<\/a> app as an example.<p class=\"alert alert-info\">The Cisco ASA hardware firewall is available with our Dedicated Server Hosting plans.<\/p><\/li><li>On the right, click <strong>Download<\/strong>, or <strong>Login to Download<\/strong> if applicable.<\/li><li>Accept the license agreements and click <strong>Agree to Download<\/strong>.<\/li><li>Save the file to your computer.<\/li><li>Verify the checksum of your downloaded file against the provided message digest. For example:<br>Windows: <pre>certutil -hashfile SplunkFile.tgz sha256; echo ProvidedChecksum<\/pre><br>Mac:<pre>shasum -a 256 SplunkFile.tgz &amp;&amp; echo ProvidedChecksum<\/pre><br>*nix:<pre>sha256sum SplunkFile.tgz &amp;&amp; echo ProvidedChecksum <\/pre><\/li><li>Once you\u2019ve verified the checksums match, press <strong>OK<\/strong>. 
If not, <a href=\"https:\/\/www.inmotionhosting.com\/support\/security\/reasons-your-checksum-doesnt-match-the-original\/\">troubleshoot why the checksums differ<\/a> before continuing to ensure you don\u2019t upload a corrupted or malicious file.<\/li><li>On the Splunkbase site, select the <strong>Details<\/strong> tab for additional installation information.<\/li><li>In your Splunk web interface, go to your Apps page.<\/li><li>Select <strong>Install app from file<\/strong>.<\/li><li><strong>Browse<\/strong> your local machine and select the compressed Splunk app file.<\/li><li>Click <strong>Upload<\/strong>. If successful, you\u2019ll see \u201c[App] was installed successfully\u201d and it\u2019s already enabled.<\/li><\/ol>\n\n\n\n<p>Learn more about how to get the most out of your SIEM software with official Splunk documentation. Or learn more about free cybersecurity applications and how to stay updated on industry news.<\/p>\n\n\n\n<p>Learn more from our <a href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/cloud-server\/\">Cloud Server Hosting Product Guide<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have many guides on securing common web hosting solutions: cPanel servers, bare cloud servers, and even the popular WordPress content management system (CMS). Each includes great technical controls for a proactive approach to defense in depth. However, nothing can detect and prevent everything. 
The only way to address this is to apply administrative controls,<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4299],"tags":[],"class_list":["post-62865","post","type-post","status-publish","format-standard","hentry","category-security"],"acf":[],"yoast_head_json":{"title":"Getting Started with Splunk Setup on Linux","description":"Learn how to get Splunk setup on Linux to manage system logs for easier security information and event management (SIEM) initiatives.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/","og_locale":"en_US","og_type":"article","og_title":"Getting Started with Splunk Setup on Linux","og_description":"Learn how to get Splunk setup on Linux to manage system logs for easier security information and event management (SIEM) initiatives.","og_url":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2020-11-02T21:25:45+00:00","article_modified_time":"2021-08-16T19:29:16+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux.png","type":"image\/png"}],"author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"Install Splunk on Linux &#8211; Complete Setup Guide","datePublished":"2020-11-02T21:25:45+00:00","dateModified":"2021-08-16T19:29:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/"},"wordCount":1452,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux-1024x538.png","articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/","url":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/","name":"Getting Started with Splunk Setup on Linux","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#primaryimage"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#primaryimage"},"thumbnailUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux-1024x538.png","datePublished":"2020-11-02T21:25:45+00:00","dateModified":"2021-08-16T19:29:16+00:00","description":"Learn how to 
get Splunk setup on Linux to manage system logs for easier security information and event management (SIEM) initiatives.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#primaryimage","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux.png","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2020\/11\/Setup-Splunk-on-Linux.png","width":1200,"height":630,"caption":"Setup Splunk on Linux - Getting Started Guide"},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-splunk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"Install Splunk on Linux &#8211; Complete Setup Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion 
Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online 
goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":{"id":4299,"name":"Security","slug":"security","link":"https:\/\/www.inmotionhosting.com\/support\/security\/"},"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/62865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=62865"}],"version-history":[{"count":21,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/62865\/revisions"}],"predecessor-version":[{"id":82761,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/62865\/revisions\/82761"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=62865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=62865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=62865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}