Create EC2 Instances

EC2 - Splunk Server

• Name and tags = Splunk Server
• Instance type = t2.xlarge
• Network settings
• My IP
• Allow HTTP traffic from the internet
• 20 GiB of storage

EC2 - Splunk Forwarder

• Name and tags = Splunk Forwarder
• Instance type = t2.micro
• Network settings
• My IP

Splunk Enterprise Server

• Start a terminal connection to the EC2 instance

• Update OS, install docker and start it

  sudo bash
  yum update -y
  

• Execute the wget in the terminal to download the install file, and then install the splunk .rpm file.

  wget -O splunk-9.0.2-17e00c557dc1-linux-2.6-x86_64.rpm "<https://download.splunk.com/products/splunk/releases/9.0.2/linux/splunk-9.0.2-17e00c557dc1-linux-2.6-x86_64.rpm>"
  sudo yum install ./splunk-9.0.2-17e00c557dc1-linux-2.6-x86_64.rpm -y
  

• start the splunk server

  cd /opt/splunk/bin
  ./splunk start --accept-license --answer-yes
  ./splunk enable listen 9997
  ./splunk restart
  

• In AWS EC2 open ports to 8000 and 9997

Splunk Universal Forwarder