# Introduction

Splunk is the data platform that powers observability, unified security, and custom applications in hybrid environments at an enterprise level.

# Sizing

[System Requirements](https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/Systemrequirements)

Ports

- 9997 - Splunk indexers, forwarding
- 8000 - clients using Splunk search
- 8089 - splunkd

# Installation on Windows

https://www.splunk.com/en_us/download/splunk-enterprise.html?locale=en_us

- Download the installer.
- Connect on localhost:8000.
- services.msc now includes a Splunkd Service, which starts on startup.

# Installation on Linux

https://www.splunk.com/en_us/download/splunk-enterprise.html?locale=en_us

Copy the wget command line for the .tgz, then extract with tar:

```
tar xvzf splunk-9.0.1-82c987350fde-Linux-x86_64.tgz
```

```
/opt/splunk/bin/splunk start --accept-license
```

Connect to the web interface using the generated link.

Splunk doesn't run at startup by default; enable it with this command:

```
/opt/splunk/bin/splunk enable boot-start
```

Restart and check the status:

```
/opt/splunk/bin/splunk status
```

# Splunk Universal Forwarders

Check the MD5 with:

```
Get-FileHash .\splunkforwarder-9.0.0.1-9e907cedecb1-x64-release.msi -Algorithm md5
```

- Select 'on prem splunk enterprise instance'.
- Keep the default configuration.
- Give the Universal Forwarder a username.
- Give the IP/hostname and port of the receiving indexer.
- Check services.msc to see if the SplunkForwarder Service is up (Windows).

Check communication via PowerShell:

```
Test-NetConnection -Computername Splunk_IP -port 9997
```

Go to the Splunk server management webpage: Settings > Forwarder management.

# Add Data to Splunk

![[forwarder3.png]]

![[forwarder4.png]]

![[data1.png]]

![[data2.png]]

Check Indexes under Settings.

Add Receiver

![[receive2.png]]

![[indexes3.png]]

Add data from uploaded logs

![[forwarder3 1.png]]

![[upload1.png]]

![[upload2.png]]

# Search

# Reports

# Alerts

# Dashboards

# Health Status Check

# User Management
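
The forwarder checks from the Splunk Universal Forwarders section (installer hash, service state, port 9997), gathered into one PowerShell script as an added example that is not part of the original notes. The function names are hypothetical, and it assumes the checksum you compare against was copied from the Splunk download page, either as a bare hash or as a checksum-file line.

```powershell
# Added example, not from the original notes. Function names are hypothetical.

function Test-InstallerHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Bare hash, or a checksum line such as "MD5 (file) = <hash>" or "<hash>  file"
        [Parameter(Mandatory)][string]$ChecksumText
    )
    # Pull out exactly 32 hex characters, not part of a longer hex run.
    if ($ChecksumText -notmatch '(?<![0-9A-Fa-f])([0-9A-Fa-f]{32})(?![0-9A-Fa-f])') {
        throw 'No 32-character MD5 value found in the checksum text'
    }
    $expected = $Matches[1]
    $actual = (Get-FileHash -Path $Path -Algorithm MD5).Hash
    # String -eq is case-insensitive in PowerShell, so hash casing does not matter.
    return ($actual -eq $expected)
}

function Test-ForwarderReady {
    param(
        [Parameter(Mandatory)][string]$Indexer,
        [int]$Port = 9997   # receiving port listed under Sizing
    )
    $svc = Get-Service -Name SplunkForwarder -ErrorAction SilentlyContinue
    $net = Test-NetConnection -ComputerName $Indexer -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        ServiceRunning   = ($null -ne $svc -and $svc.Status -eq 'Running')
        IndexerReachable = [bool]$net.TcpTestSucceeded
    }
}

# Constructed self-check: a temp file stands in for the MSI so this runs offline.
$tmp = New-TemporaryFile
Set-Content -Path $tmp.FullName -Value 'constructed sample installer bytes' -NoNewline
$hash = (Get-FileHash -Path $tmp.FullName -Algorithm MD5).Hash.ToLower()
$line = "MD5 ($($tmp.Name)) = $hash"
if (-not (Test-InstallerHash -Path $tmp.FullName -ChecksumText $line)) {
    throw 'Matching file was rejected'
}
Add-Content -Path $tmp.FullName -Value 'tampered'
if (Test-InstallerHash -Path $tmp.FullName -ChecksumText $line) {
    throw 'Modified file was accepted'
}
Remove-Item $tmp.FullName

# Real use, with the page's file name and its Splunk_IP placeholder:
# Test-InstallerHash -Path .\splunkforwarder-9.0.0.1-9e907cedecb1-x64-release.msi -ChecksumText '<hash from download page>'
# Test-ForwarderReady -Indexer Splunk_IP
```

Run the hash check before launching the MSI, and run `Test-ForwarderReady` after the install, once the indexer has a receiver configured on 9997.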