By: Michael L’Abbe
Keyes Information Technology is an information security consulting firm that specializes in the implementation and customization of Splunk solutions for clients across a broad spectrum of specialties. In my time with this organization, I have had the opportunity to work with our certified Splunk Power users and certified architects in multiple engagements. This experience has proven to me how much of a versatile and powerful tool Splunk can be. Over the past few months I have learned a lot about Splunk through installation and configuration across multiple platforms. While I do believe that on-the-job training is the best way to gain knowledge and experience, I do feel I am lacking in the formal Splunk education. Because of this lack of formal training, I have decided to start from scratch with Splunk and take you all along with me on my journey.
This week’s post will accomplish the following tasks:
- Create a training roadmap that outlines my certification goals and the steps I intend to take to achieve those goals
- Create a new Splunk account
- Download a free version of Splunk Enterprise
- Install Splunk Enterprise on my Windows 10 machine
Splunk certifications are broken down into 3 tracks with each one building on knowledge gained from the previous. The 3 tracks are Splunk Certified Power User, Splunk Certified Admin, and Splunk Certified Architect. Throughout this process, it is my goal to obtain all 3 certifications. In order to get there, I will complete the following Splunk courses:
- Splunk Tutorial (Free eLearning course)
- Using Splunk
- Searching and Reporting with Splunk
- Creating Splunk Knowledge Objects
- Splunk Infrastructure Overview (eLearning)
- Splunk Data Administration
- Splunk System Administration
- Advanced Dashboards and Visualizations
- Architecting and Deploying Splunk
- Splunk Architect Certification Lab
Create a Splunk.com Account
This is probably the easiest task we will discuss in this entire series. To create an account visit splunk.com and navigate to the ‘sign up’ link. At the time of this post the link is located under the profile icon in the upper right corner of the main page. Once there simply fill in the required fields and click ‘Create Your Account’.
Figure 1 is a screenshot of the sign-up form. Upon completion of the form click the ‘I have read and understand’ box and click ‘Create Your Account’. Within a minute, you will receive an email asking you to click a link to confirm. Click the link to confirm your email and you will be redirected to splunk.com where your account will be activated. That’s really all there is to it. You now have an active splunk.com account.
Download Splunk Enterprise
Now that we have splunk.com accounts and are on splunk.com, you should see a big green box in the upper right corner of the page that says ‘FREE SPLUNK’. Figure 2 is a screenshot of the link.
When you click on the link it takes you to a page where you can select from a list of Splunk core products. For what I am doing I am going to choose the Splunk Enterprise Free Download link. When you click on ‘Free Download’ it takes you to a page where you can select between the Windows 64 and 32-bit versions or select a different operating system altogether. Choose the one that works for you and click ‘Download Now’. You also have the option to download and install Splunk through a command line, but for what I am doing there is no reason to go that route. Later in this series as we get more advanced we will be creating scripts to download and install Splunk through a command line for different configurations. For now though, I am just going to download through the GUI. I am using Windows 10 on a 64-bit machine, so I chose the Windows 64-bit version. The download starts immediately and depending on your connection should only take around 10 minutes. Total file size is 154 MB.
Install Splunk Enterprise
The download is complete and ready to install. Before we start installation make sure you are logged into your system as the administrator or at least have the administrator credentials. For my setup, I downloaded the installer to my downloads folder. At the time of this post, the current Splunk release is 6.5.2. The name of the installer is splunk-6.5.2-67571ef4b87d-x64-release. Double click the installer and you should get the screen shown in figure 3. You have to check the box to accept the agreement before you can proceed. The list of default options are displayed with the option to customize. Because this is a basic install and being used for training purposes, I will install using all defaults. After checking the agreement box the install button becomes available. Click on install and let the Setup Wizard do its thing. My system always wants to know if I really want to do what I said to do. I click on yes and the installation continues. Figure 4 shows what you should see during the installation. This is all a pretty standard application install. When complete you should get a window that says Splunk was successfully installed and asks if you would like to launch your browser with Splunk Enterprise. Check the box and click ‘Finish’. This will open up a web browser to localhost on port 8000. You should see the first time signing in page with the Splunk Enterprise logo as seen in figure 5. The first time login credentials are listed right on the page above the username and password box. The first time login will always be username = admin and password = changeme. You will be prompted to change your password after logging in. After changing the password you should see the Splunk Home screen shown in figure 6.
This seems like a good place to stop for now. Next week we’ll get started with the free Splunk tutorial. The tutorial comes in 7 parts with each part building on the previous. The following is a list of what’s covered in the tutorial:
- Part 1: Getting started
- Part 2: Uploading the tutorial data
- Part 3: Using the Splunk Search app
- Part 4: Searching the tutorial data
- Part 5: Enriching events with lookups
- Part 6: Creating reports and charts
- Part 7: Creating dashboards
Next week the plan is to get through at least part 4. If there is anything specific you would like me to add as I go along, please feel free to leave a comment below and let me know. Otherwise I’ll see you next week as we continue our Splunk journey.
VP and COO
Keyes Information Technology