How to install Splunk in Ubuntu 20.04
This article will describe how to install Splunk Enterprise in Ubuntu 20.04. For this tutorial I will be installing the free edition of Splunk Enterprise in Ubuntu Desktop 20.04.1.
Splunk is a popular platform used to monitor, search, analyze and visualize machine-generated data in enterprise environments.
Step 1: Download Splunk
Open your preferred browser in Ubuntu and navigate to https://www.splunk.com/.
In the top right corner, hit the Free Splunk button.
You will be prompted to register an account, which you will need to do before Splunk can be downloaded.
If you already have an account, simply log in.
Under Splunk Core Products select Splunk Free.
Under Choose Your Installation Package, select Linux and download the
Read and accept the license agreement, then click Start Your Download Now.
When the download prompt appears, make sure to select Save File and click OK.
Step 2: Install Splunk
Once the download is complete, you can simply run the install by double-clicking the downloaded file.
Enter your password when prompted and click Authenticate.
The Splunk installation will take several minutes to complete, so put your feet up or make a coffee.
When the install has finished, the progress bar will disappear and you will see a red Remove button. Do not click this. You can simply close this window.
Finally, you can check the package status to verify the installation.
Open a terminal window and enter the following command:
dpkg --status splunk
The status should show as install ok installed.
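To script this check instead of reading the output by eye, the added example below (not part of the original article) parses the Status field of dpkg --status output. The function names check_dpkg_status and check_splunk_installed and the sample text are constructed for illustration, and the example goes slightly beyond the article by also reporting the other states dpkg can show.

```shell
#!/bin/sh
# Added example: interpret the Status field printed by `dpkg --status <pkg>`.
# The field holds three words: <selection> <error-flag> <state>,
# e.g. "install ok installed".

# check_dpkg_status: reads `dpkg --status` text on stdin and prints a verdict.
# Returns 0 when the package is fully installed, 1 when it is known to dpkg
# but not cleanly installed, 2 when no Status field is present.
check_dpkg_status() {
    status=$(sed -n 's/^Status: //p' | head -n 1)
    if [ -z "$status" ]; then
        echo "no Status field found (package unknown to dpkg?)"
        return 2
    fi
    want=${status%% *}      # first word: install, hold, deinstall, purge
    rest=${status#* }
    eflag=${rest%% *}       # second word: ok or reinstreq
    state=${rest#* }        # third word: installed, unpacked, config-files, ...
    if [ "$eflag" != "ok" ]; then
        echo "error flag '$eflag': package needs reinstalling"
        return 1
    fi
    case "$state" in
        installed)
            case "$want" in
                install|hold) echo "installed (selection: $want)"; return 0 ;;
                *) echo "installed, but selection is '$want'"; return 1 ;;
            esac ;;
        config-files|not-installed)
            echo "not installed (state: $state)"; return 1 ;;
        *)
            echo "incomplete install (state: $state)"; return 1 ;;
    esac
}

# Wrapper for the real package (hypothetical helper name); needs dpkg.
check_splunk_installed() {
    dpkg --status splunk 2>/dev/null | check_dpkg_status
}

# Constructed, abridged sample of the output on a healthy install.
sample_ok='Package: splunk
Status: install ok installed'
printf '%s\n' "$sample_ok" | check_dpkg_status
```

On the Ubuntu machine itself, call check_splunk_installed and test its exit code in a provisioning or health-check script.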
Step 3: Running and configuring Splunk
Splunk will have been installed into the directory
In the terminal window, change into the
You are now ready to run Splunk. Make sure your terminal is in the /opt/splunk/bin directory and enter the following command:
sudo ./splunk start
Read the license terms carefully, and if you agree hit y followed by Enter to accept them when prompted.
Note: At your own risk, you can page down quickly in the terms by using
As an alternative, you can auto-accept the license agreement by passing an argument to the start command when running Splunk for the first time:
sudo ./splunk start --accept-license
Since this is the first time running Splunk, you will be prompted to create a Splunk admin account.
Simply hit Enter to use the default username admin, or alternatively enter your preferred username.
Next, you will need to set a password for the admin user. These are the credentials you will use to log in to Splunk Enterprise, so make sure to remember them!
The Splunk auto-configuration will run and attempt to start the web server on port 8000. If this port is already in use, Splunk will attempt to use another available port. I’ll assume that port 8000 is being used.
Open your preferred browser and navigate to
You should see the Splunk Enterprise login page.
Enter the username and password created in the above steps and click Sign In.
The Splunk web dashboard will display.
This concludes the basic installation of Splunk Enterprise in Ubuntu Desktop 20.04.
Starting and Stopping Splunk
Splunk can be manually started from the terminal:
sudo /opt/splunk/bin/splunk start
And to stop Splunk:
sudo /opt/splunk/bin/splunk stop
Splunk can also be set to automatically start on boot:
sudo /opt/splunk/bin/splunk enable boot-start
And you can turn off the auto-run as well:
sudo /opt/splunk/bin/splunk disable boot-start