- First you need to create a AWS account (https://aws.amazon.com/free )
- This is Completly Free and will cost you nothing.
- Once Completed, Login as Root User to avoid Restrictions.
- Search " Lightsail " and select it.
- Once there select "Create Instance"
- Seletct " Linux/Unix " for platform
- Under blueprint, Select " Operating System (OS) only "
- Select " Amazon Linux 2 "
- Select "$12" option for the size
- Then give your instance a name
- Create a Splunk Account
- This comes with a Free Trial also. (https://www.splunk.com/en_us/download.html)
- Download Splunk Enterpise
- Select "Linux" and download the ".tgz " file.
- Save The "wget" info. Yow will need it shortley.
- Go back to your Lightsail Insance
- Select "Connect using SSH" and a screen will display.
Enter these commmands in order. I will Display images to show how it looks in the end.
- ls
- sudo su
- passwd
- create a password you will remember and add to notes.
- useradd splunk
- mkdir /opt/splunk
- cd /opt/
- Next you're gonna use the "wget" download from earlier to insatll Splunk.
- For Exapmle: wget -O splunk-9.4.2-e9664af3d956-linux-amd64.tgz "https://download.splunk.com/products/splunk/releases/9.4.2/linux/splunk-9.4.2-e9664af3d956-linux-amd64.tgz"
- Once the download is finished, you're gonna use a command to automatically accept the license.
- $sudo /opt/splunk/bin/splunk start --accept-license
Something Like this will show after accepting the license. Please Save it. The Splunk web interface is at http://ip-172-26-8-103.ec2.internal:8000
1. First we will create a Firewall rule on the Lightsail Instance 2. Select Networking - click "Add rule". Add All TCP Traffic then create.
- Take your public IP Address and edit it into the url given by the linux server.
- For Example: http://ip-172-26-8-103.ec2.internal:8000 -> http://54.172.74.63:8000
- This gives your splunk enterprise instance.
- Login using your created credinentiasl from earlier
CONGRATS YOU HAVE DEPLOYED SPLUNK ENTERPRISE INSTANCE ON AWS