Wednesday, May 29, 2024

How to Install or Update Splunk on Red Hat Linux: A Comprehensive Guide



In this article, we’ll walk you through the detailed steps to install or update Splunk on Red Hat Linux. Whether you're setting up Splunk for the first time or updating an existing installation, follow these instructions to ensure a smooth and successful process. Learn how to download, upload, unzip, verify, and start your Splunk instance, as well as how to create backups and check the status of your installation.






 Steps for Installation


1. **Download Splunk Package**:

   - Obtain the Splunk package in `.tgz` format from the official Splunk website.


2. **Upload Splunk**:

   - Transfer the downloaded Splunk package to your desired location on your Red Hat Linux system.



3. **Unzip the Package**:

   - Extract the contents of the `.tgz` file.
   - Command: `sudo tar -xvzf splunkforwarder-9.2.1-78803f08aabb-Linux-x86_64.tgz`


4. **Verify the Installation**:

   - Ensure the files are properly extracted and located in the right directory.

5. **Start Splunk Instance**:

   - Initialize the Splunk instance to begin using the application.

   - Command (run from the `bin` directory of the extracted `splunkforwarder` folder): `sudo ./splunk start`

6. **Check Status**:

   - Verify that Splunk is running correctly by checking its status.

   - Command: `sudo ./splunk status`
   - Command: `ps aux | grep splunkd`


 Steps for Updating


1. **Download Splunk Package**:

   - Get the latest Splunk package in `.tgz` format.


2. **Upload Splunk**:

   - Place the new Splunk package in the directory where Splunk is already installed.




3. **Stop Current Splunk Instance**:

   - Halt the currently running Splunk instance to prepare for the update.

   - Commands:
     - `cd /opt/splunkforwarder/bin`
     - `sudo ./splunk stop`

   - Then go to the `/opt` folder and back up the existing installation before extracting the new package:
     - `sudo tar -czvf splunkBackup_9.1.2.tar.gz splunkforwarder`


4. **Unzip the Package**:

   - Extract the new package over the existing installation.

   - Commands:
     - `cd` to the directory where the Splunk `.tgz` package was uploaded.
     - `sudo tar -xvzf splunkforwarder-9.2.1-78803f08aabb-Linux-x86_64.tgz`



5. **Verify the Installation**:

   - Check that the update files are correctly applied.



6. **Start Splunk Instance**:

   - Restart the Splunk instance to complete the update process.

   - Command (from `/opt/splunkforwarder/bin`): `sudo ./splunk start`

7. **Check Status**:

   - Confirm that the updated Splunk instance is operational by verifying its status.

   - Command: `sudo ./splunk status`
   - Command: `ps aux | grep splunkd`
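
A pre-flight check for the extraction step of either procedure, shown here as an added example that is not part of the original post: it compares the package's SHA-512 digest with a value you supply and confirms that every archive member sits under `splunkforwarder/` before anything is unpacked as root. The function names, the `splunkforwarder` top-level directory (taken from the backup command above) and the premise that you obtained the expected digest separately from the download are assumptions.

```shell
#!/bin/sh
# Added example: checks to run on a Splunk .tgz before `sudo tar -xvzf`.

# verify_pkg PKG EXPECTED_SHA512
# 0 = digest matches, 1 = mismatch, 2 = file missing.
# Assumption: EXPECTED_SHA512 was obtained separately from the download.
verify_pkg() {
    pkg=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # normalise hex case
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 2; }
    actual=$(sha512sum < "$pkg")
    actual=${actual%% *}                             # keep digest only
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $pkg" >&2
        return 1
    fi
}

# check_members PKG TOPDIR
# 0 only if every member is TOPDIR or below it and no path is absolute
# or contains a ".." component (the extraction runs as root via sudo).
check_members() {
    top=$2
    list=$(tar -tzf "$1") || return 2                # unreadable archive
    while IFS= read -r entry; do
        case "$entry" in
            /*|..|../*|*/../*|*/..)
                echo "unsafe path: $entry" >&2; return 1 ;;
            "$top"|"$top"/*) ;;
            *)  echo "unexpected entry: $entry" >&2; return 1 ;;
        esac
    done <<EOF
$list
EOF
}

# preflight PKG EXPECTED_SHA512 [TOPDIR]
preflight() {
    verify_pkg "$1" "$2" && check_members "$1" "${3:-splunkforwarder}"
}

# Stand-alone use: ./preflight.sh PKG EXPECTED_SHA512
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it against the uploaded package before step 3 of the installation or step 4 of the update, and extract only if it exits 0.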


By following these steps, you can ensure a successful installation or update of Splunk on your Red Hat Linux system.
