Splunk Server Installation Guide for CentOS 9

This guide outlines the steps to install Splunk on a CentOS 9 system. The installation of Splunk is a prerequisite for a Splunk course that you are about to undertake. Splunk is a powerful platform used for searching, monitoring, and analyzing machine-generated data, making it an essential tool for log analysis and for security information and event management (SIEM).

Step 1: Install Splunk

  1. Access your personal terminal that runs CentOS 9.

  2. Run the following command to download the Splunk RPM package:

    sudo wget -O splunk-9.1.1-64e843ea36b1.x86_64.rpm "https://download.splunk.com/products/splunk/releases/9.1.1/linux/splunk-9.1.1-64e843ea36b1.x86_64.rpm"

  3. Install the downloaded rpm file with:

    sudo rpm -i splunk-9.1.1-64e843ea36b1.x86_64.rpm

Note: If the download fails because wget is not installed, install it with:

sudo yum install wget -y
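
Before running rpm -i in step 3, the downloaded file can be checked against the SHA-512 checksum file offered alongside the package on the Splunk download page. The script below is an added example, not part of the original guide: the function names are hypothetical, the two checksum-file layouts it accepts are an assumption about that file's format, and the demo files are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): check a downloaded package
# against a published SHA-512 checksum file before installing it.

# extract_sha512 <checksum-file>
# Prints the one 128-hex-digit digest found, accepting both the OpenSSL layout
# "SHA512(name)= <hex>" and the sha512sum layout "<hex>  name".
extract_sha512() {
    local digests
    digests=$(grep -owE '[0-9a-fA-F]{128}' "$1" | tr 'A-F' 'a-f')
    # Zero digests (wrong file, HTML error page) or several are both rejected.
    [ "$(printf '%s' "$digests" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$digests"
}

# verify_package <package> <checksum-file>
# 0 = digest matches, 1 = mismatch, 2 = package or usable checksum missing.
verify_package() {
    local pkg="$1" sumfile="$2" expected actual
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 2; }
    expected=$(extract_sha512 "$sumfile") || {
        echo "no single SHA-512 digest in: $sumfile" >&2; return 2; }
    actual=$(sha512sum < "$pkg" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH: $pkg (do not install)" >&2
        return 1
    fi
    echo "checksum OK: $pkg"
}

# demo: constructed stand-in files, so this runs offline without the real RPM.
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    printf 'constructed stand-in for the rpm\n' > "$dir/pkg.rpm"
    printf 'SHA512(pkg.rpm)= %s\n' \
        "$(sha512sum < "$dir/pkg.rpm" | cut -d' ' -f1)" > "$dir/pkg.rpm.sha512"
    verify_package "$dir/pkg.rpm" "$dir/pkg.rpm.sha512" || rc=1
    printf 'x' >> "$dir/pkg.rpm"            # simulate a corrupted download
    verify_package "$dir/pkg.rpm" "$dir/pkg.rpm.sha512" 2>/dev/null && rc=1
    rm -rf "$dir"
    return "$rc"
}

# With two arguments, verify real files; with none, only define the functions.
if [ "$#" -eq 2 ]; then verify_package "$1" "$2"; fi
```

Saved as a script and run with the RPM and its checksum file as the two arguments, it exits non-zero on a mismatch, so it can gate the install command with &&.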

Step 2: Start Splunk

  1. After the installation is complete, start Splunk by running the following command:

    sudo /opt/splunk/bin/splunk start

  2. Accept the license agreement by entering y.

  3. When prompted, enter the following administrator credentials. The mentor will need them to access your Splunk server:

    • Username: admin
    • Password: 4c4d3my_1

Step 3: Access Splunk Web

  1. Open a web browser.

  2. Enter the following URL:

    http://<your server IP>:8000

  3. Log in using the administrator credentials set in Step 2:

    • Username: admin
    • Password: 4c4d3my_1

Note: If you cannot access the Splunk Web UI, make sure that your firewall allows traffic on port 8000:

sudo systemctl start firewalld
sudo firewall-cmd --permanent --add-port=8000/tcp
sudo firewall-cmd --reload

Stopping Splunk

To stop Splunk, run the following command in the terminal:

sudo /opt/splunk/bin/splunk stop