Splunk is a software platform for searching, analyzing and visualizing machine-generated data (logs, events, metrics) collected from the websites, applications, sensors and devices that make up an IT infrastructure and business.

Splunk's core functions are:

  • Ingests data
  • Parses, indexes and stores data
  • Runs searches over indexed data

For more info visit: https://www.splunk.com/

Installation

1. Go to the Splunk site and register for a free Splunk account.

  • https://www.splunk.com/

2. Go to Products – Free trials & Downloads

  • Download the free 60-day trial

3. Choose your platform and click Download

  • Windows
  • Linux
  • Mac OS

Note: I downloaded the .tgz file, as I’m running Ubuntu

4. Extract the archive with tar

  • tar -zxf <filename>.tgz

5. Change into the Splunk bin directory and list its contents

  • cd splunk/bin
  • ls

6. Start the service and accept the license (the flag skips the interactive license prompt)

  • sudo ./splunk start --accept-license

7. Enter the required information when prompted

  • Username: admin1
  • Password: administrator123

8. Confirm that the service has started; Splunk Web is now reachable on the local machine

9. We can check the process status

  • sudo ./splunk status

10. Open a browser and go to http://127.0.0.1:8000 & log in

  • admin1
  • administrator1

11. After successful authentication, you get to the main page
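As an added example (not part of the original post), the script below turns steps 4 through 10 into shell functions so the install can be repeated without typing at prompts. It assumes the .tgz has already been downloaded; the tarball name, install directory and credentials are placeholders. Two things it does that the steps above do not: it seeds the admin account through Splunk's user-seed.conf file (so the password is never typed at a prompt or left in shell history), and it restricts Splunk Web to the loopback address over HTTPS, because a fresh install listens on 0.0.0.0:8000 over plain HTTP.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the Splunk
# .tgz is already downloaded; paths and credentials are placeholders.
set -u

# Seed the initial admin account before first start. Splunk reads
# etc/system/local/user-seed.conf once on first start and then removes it.
write_user_seed() {
    splunk_home=$1; user=$2; pass=$3
    conf_dir="$splunk_home/etc/system/local"
    mkdir -p "$conf_dir"
    # The file holds a cleartext password, so create it owner-only (0600).
    ( umask 077
      printf '[user_info]\nUSERNAME = %s\nPASSWORD = %s\n' "$user" "$pass" \
          > "$conf_dir/user-seed.conf" )
    echo "$conf_dir/user-seed.conf"
}

# Bind Splunk Web to 127.0.0.1 and enable HTTPS. Both keys are documented
# web.conf settings; the defaults are 0.0.0.0 and plain HTTP.
write_web_conf() {
    splunk_home=$1
    conf_dir="$splunk_home/etc/system/local"
    mkdir -p "$conf_dir"
    printf '[settings]\nserver.socket_host = 127.0.0.1\nenableSplunkWebSSL = true\n' \
        > "$conf_dir/web.conf"
    echo "$conf_dir/web.conf"
}

# Steps 4, 6, 7 and 9: extract, seed config, start unattended, check status.
install_splunk() {
    tarball=$1; parent=$2; user=$3; pass=$4
    tar -zxf "$tarball" -C "$parent"
    splunk_home="$parent/splunk"
    write_user_seed "$splunk_home" "$user" "$pass" >/dev/null
    write_web_conf "$splunk_home" >/dev/null
    # --answer-yes and --no-prompt make the first start fully non-interactive.
    "$splunk_home/bin/splunk" start --accept-license --answer-yes --no-prompt
    "$splunk_home/bin/splunk" status
}

# Step 10: poll until Splunk Web answers on the loopback address.
# -k accepts the self-signed certificate a fresh install uses.
wait_for_web() {
    url=${1:-https://127.0.0.1:8000}
    i=0
    while [ "$i" -lt 30 ]; do
        if curl -ksf -o /dev/null "$url"; then return 0; fi
        i=$((i + 1)); sleep 2
    done
    return 1
}

# Usage (placeholder values; nothing runs until the line is uncommented):
#   install_splunk ./splunk-<version>-Linux-x86_64.tgz /opt admin 'CHANGE-ME-long-passphrase' && wait_for_web
```

After the first start Splunk deletes user-seed.conf, so the password only ever lives on disk briefly and with owner-only permissions; the web.conf settings persist and can be relaxed later once the instance is placed behind a proxy or firewall.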


Categories: Blue Team
