{"id":25636268,"url":"https://github.com/bernardofosu/install_splunk_bash_script","last_synced_at":"2026-04-20T03:35:13.405Z","repository":{"id":276765778,"uuid":"930202506","full_name":"bernardofosu/Install_splunk_bash_script","owner":"bernardofosu","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-20T15:18:58.000Z","size":17,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-20T16:28:13.577Z","etag":null,"topics":["bash-script","bash-scripting","linux","shell-script","splunk","ubuntu"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bernardofosu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-10T08:49:21.000Z","updated_at":"2025-02-20T15:19:01.000Z","dependencies_parsed_at":null,"dependency_job_id":"52133876-9de9-4d85-b5a5-e336f6eb33ac","html_url":"https://github.com/bernardofosu/Install_splunk_bash_script","commit_stats":null,"previous_names":["bernardofosu/intall_splunk_bash_script"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bernardofosu%2FInstall_splunk_bash_script","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bernardofosu%2FInstall_splunk_bash_script/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bernardofosu%2FInstall_splunk_bash_script/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/bernardofosu%2FInstall_splunk_bash_script/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bernardofosu","download_url":"https://codeload.github.com/bernardofosu/Install_splunk_bash_script/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240253009,"owners_count":19772224,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash-script","bash-scripting","linux","shell-script","splunk","ubuntu"],"created_at":"2025-02-23T00:35:59.906Z","updated_at":"2025-11-13T03:33:00.316Z","avatar_url":"https://github.com/bernardofosu.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 Install Splunk Using a Bash Script\n\n## 📌 Key Notes:\n✅ This script installs Splunk 9.3.2 for Linux.\n\n✅ Designed for Ubuntu, but can be modified for other distros.\n\n✅ If you're using Amazon Linux, replace apt with yum.\n\n✅ For RedHat, replace apt with dnf.\n\n## 🛠 Installation Instructions:\n**1️⃣** Open the install_splunk.sh script file using any text editor.\n\n**2️⃣** Copy all the script content.\n\n**3️⃣** On your server, use a text editor (nano or vi) and paste the script.\n\n**4️⃣** Save the file and exit the editor.\n\n## 🔐 Grant Execution Permissions:\nAfter creating the script, run the following command to make it executable:\n```sh\nsudo chmod +x install_splunk.sh\n```\n\n### 🚀 Run the installation script\n```sh\nsudo ./install_splunk.sh\n```\n##### 📌 Note:\n_**./** means you are running the script from the current directory. 
If the script is not in the current directory, use its full path instead_\n\n_🔑 Using sudo ensures proper permissions for installation!_\n\n_👤 If you're not using the root user, you'll need sudo to perform administrative actions during installation_\n\n## 📜 What’s Inside the Installation Script?\n\n### 🔹 Step 1: Update Package Lists and Upgrade Installed Packages\n```sh\nsudo apt update \u0026\u0026 sudo apt upgrade -y\n```\n\n### 🔹 Step 2: Create a Splunk User (using adduser)\n#### Password prompt disabled\n```sh\nsudo adduser --disabled-password --gecos \"\" splunk\n```\n\n### 🔹 Step 3: Set the Linux Password for the splunk User (Not the Splunk Web Password)\n_Note: this password is for the splunk user on the Linux box, not for Splunk Web._\n```sh\nsudo passwd splunk\n```\n\n### 🔹 Step 4: Add the Splunk User to the sudo Group\n```sh\nsudo usermod -aG sudo splunk\n```\n\n### 🔹 Step 5: Download Splunk Enterprise\n```sh\nSPLUNK_URL=\"https://download.splunk.com/products/splunk/releases/9.3.2/linux/splunk-9.3.2-d8bb32809498-Linux-x86_64.tgz\"\nwget -O /tmp/splunk-9.3.2.tgz \"$SPLUNK_URL\"\n```\n\n### 🔹 Step 6: Install Splunk Enterprise\n```sh\nsudo tar -xzvf /tmp/splunk-9.3.2.tgz -C /opt\n```\n\n### 🔹 Step 7: Change ownership of /opt/splunk\n```sh\nsudo chown -Rf splunk:splunk /opt/splunk\n```\n\n### 🔹 Step 8: Install plocate\n```sh\nsudo apt install plocate -y\n```\n\n### 🔹 Step 9: Locate system.conf\n```sh\nsudo updatedb\nlocate system.conf\n```\n\n### 🔹 Step 10: Update system.conf to increase ulimit values\n```sh\necho \"Updating /etc/systemd/system.conf to increase ulimit values...\"\nsudo cp /etc/systemd/system.conf /etc/systemd/system.conf.bak\nsudo sed -i.bak \\\n    -e 's/^#DefaultLimitNOFILE=.*/DefaultLimitNOFILE=64000/' \\\n    -e 's/^#DefaultLimitNPROC=.*/DefaultLimitNPROC=16000/' \\\n    -e 's/^#DefaultTasksMax=.*/DefaultTasksMax=80%/' \\\n    -e 's/^DefaultLimitNOFILE=.*/DefaultLimitNOFILE=64000/' \\\n    -e 
's/^DefaultLimitNPROC=.*/DefaultLimitNPROC=16000/' \\\n    -e 's/^DefaultTasksMax=.*/DefaultTasksMax=80%/' \\\n    /etc/systemd/system.conf\n```\n\n### 🔹 Step 11: Disable Transparent Huge Pages (THP)\n```sh\necho 'never' | sudo tee /sys/kernel/mm/transparent_hugepage/enabled\necho 'never' | sudo tee /sys/kernel/mm/transparent_hugepage/defrag\n```\n\n### 🔹 Step 12: Navigate to Splunk bin\n```sh\ncd /opt/splunk/bin || exit\n```\n\n### 🔹 Step 13: Start Splunk with automatic license acceptance and confirmation\nWhen starting Splunk for the first time, you'll be prompted for a username and password.\n### 🔹 Important Notes:\n✅ This username and password are for Splunk Web, not the Linux system user.\n\n✅ These credentials can differ from those of your Linux splunk user.\n\n✅ A common username for testing is admin, and you can set your preferred password.\n```sh\nsudo ./splunk start --accept-license --answer-yes -user splunk\n```\n\n### 🔹 Step 14: Enable Splunk boot-start with automatic license acceptance and confirmation\n```sh\nsudo ./splunk enable boot-start --accept-license --answer-yes -user splunk\n```\n\n### 🔹 Step 15: Reset ownership of /opt/splunk\n```sh\nsudo chown -Rf splunk:splunk /opt/splunk\n```\n\n### 🔹 Step 16: Switch to Splunk User and start Splunk\n```sh\nsudo su - splunk -c \"\n    cd /opt/splunk/bin;\n    echo 'Checking if Splunk is running...';\n    ./splunk status || echo 'Splunk is not running. 
Starting Splunk...';\n    ./splunk start\n\"\n\n```\n\n### Step 17: Enable Splunk Web SSL (HTTPS)\n```sh\necho \"Enabling Splunk Web SSL...\"\nsudo -u splunk bash -c 'echo -e \"[settings]\\nstartwebserver = True\\nenableSplunkWebSSL = True\\nsslVersions = tls1.2\\n\" \u003e\u003e /opt/splunk/etc/system/local/web.conf'\n```\n\n### Step 18: Restarting After Enabling HTTPS\n```sh\nsudo /opt/splunk/bin/splunk restart\n```\n\n# Instructions for managing Splunk\n```sh\necho \"To manage Splunk, use the following commands as the Splunk user:\"\necho \"  Start Splunk: ./splunk start\"\necho \"  Stop Splunk: ./splunk stop\"\necho \"  Restart Splunk: ./splunk restart\"\necho \"Script execution completed.\"\n```\n\n\n## 🚀 Simplifying Splunk Installation for the Architect Class\nSince we are installing multiple Splunk instances for the architect class, I have designed a Bash script to streamline the process and speed up our work.  \n\nIf you encounter any issues while using it, please let me know. I'm happy to help! 😊  \n\n#### 💬 **Share Your Views!**  \nJoin the discussion on the repository to share feedback and suggestions for improvement.  \n\n#### 🔧 **Want to Contribute?**  \nYou can **fork** the repository, modify the script, and send a **pull request** to enhance it! 🚀  \n\nThank you for your support! 🙌  \n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbernardofosu%2Finstall_splunk_bash_script","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbernardofosu%2Finstall_splunk_bash_script","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbernardofosu%2Finstall_splunk_bash_script/lists"}