Installing Splunk on CentOS 7
I recently had to deploy a Splunk Enterprise instance, and when installing on CentOS 7 I encountered a few bumps. I’m noting them here just to document the steps for future reference, and also possibly streamline the process for others.
1) Spun up a VM with CentOS 7. Upon trying to install VMware Tools, bumps…
2) CentOS Minimal does not ship with Perl out of the box, so:
yum install perl
3) VMware Tools needs ifconfig:
yum install net-tools
4) VMware Tools also needs gcc:
yum group install "Development Tools"
Installing the entire group might be overkill, but it can’t hurt.
5) Install VMware Tools. Reboot.
6) Download Splunk:
wget -O splunk-6.5.0-59c8927def0f-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.5.0&product=splunk&filename=splunk-6.5.0-59c8927def0f-linux-2.6-x86_64.rpm&wget=true'
7) Install Splunk:
yum install splunk-6.5.0-59c8927def0f-linux-2.6-x86_64.rpm
8) Start Splunk:
/opt/splunk/bin/splunk start
9) Open the firewall:
firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --reload
Now the web interface should be accessible on port 8000 over HTTP. You will definitely want to configure a TLS certificate so you aren’t sending your password in the clear when you authenticate.
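One way to act on that last point is to check Splunk Web's TLS setting before running step 9. The script below is an added example, not part of the original post: the function names are hypothetical, and it assumes only the system-level web.conf files matter (etc/system/local overriding etc/system/default), ignoring any web.conf shipped inside apps.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: only the system-level web.conf files are read (local overrides
# default); web.conf files under etc/apps are not considered.

# Print the value of KEY from the [settings] stanza of a web.conf file.
web_conf_setting() {
    [ -r "$1" ] || return 1
    awk -v key="$2" '
        /^[ \t]*#/  { next }                                   # comment
        /^[ \t]*\[/ { in_settings = ($0 ~ /^[ \t]*\[settings\]/); next }
        in_settings {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Return 0 only if enableSplunkWebSSL is true under the given SPLUNK_HOME.
splunk_web_tls_enabled() {
    swte_home=${1:-/opt/splunk}
    for swte_f in "$swte_home/etc/system/local/web.conf" \
                  "$swte_home/etc/system/default/web.conf"; do
        if swte_v=$(web_conf_setting "$swte_f" enableSplunkWebSSL); then
            case $(printf '%s' "$swte_v" | tr '[:upper:]' '[:lower:]') in
                true|1) return 0 ;;
                *)      return 1 ;;   # any other value is treated as off
            esac
        fi
    done
    return 1   # setting not found: treat Splunk Web as plain HTTP
}

# Step 9 from the post, refused while Splunk Web would answer over HTTP.
open_splunk_web_port() {
    if ! splunk_web_tls_enabled "${1:-/opt/splunk}"; then
        echo "Splunk Web is not set to use TLS; leaving port 8000 closed" >&2
        return 1
    fi
    firewall-cmd --zone=public --add-port=8000/tcp --permanent &&
        firewall-cmd --reload
}
```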