Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Install splunk forwarder in Linux servers

aalhabbash1
Path Finder
‎12-04-2019 11:32 AM

Hi All;

Is there way to push and install splunk forwarder to multiple Linux servers at same time?
If you have script please provide me.

Thanks

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-06-2019 12:39 AM

Hi @aalhabbash1,
the esiest way is to use a tool (as suggested by @richgalloway) otherwise you can use a script that installs one Universal Forwarder at a time, if you want to parallelize UFs installation you can run it more times:
Script

#!/bin/sh
# Script to remotely install Splunk forwarder

# to avoid to store readable password
read -s -p "Enter Splunk Admin Password: " PASSWORD
echo 

# Configuration file
source /home/your_user/config.ini

# Command lists to execute in remote forwarder server
REMOTESCRIPT="
cd $DIRDEST
$WGETCMD
sudo tar -xzf $FWDTGZ
sudo chown -R splunk:splunk $DIRDEST/splunkforwarder
sudo -H -u splunk $DIRDEST/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo $DIRDEST/splunkforwarder/bin/splunk edit user admin -password $PASSWORD -auth admin:changeme
sudo $DIRDEST/splunkforwarder/bin/splunk set deploy-poll \"$DEPLOYSERVER\" -auth admin:$PASSWORD
sudo $DIRDEST/splunkforwarder/bin/splunk enable boot-start -user splunk
sudo chown -R splunk:splunk $DIRDEST/splunkforwarder
sudo -H -u splunk $DIRDEST/splunkforwarder/bin/splunk restart
"

# Installation execution
echo "============================= FORWARDER REMOTE INSTALLER ============================="
echo
sleep 5
echo "Reading host logins from $TARGETSFILE"
echo 
echo "Start Forwarder remote installation to:"

# hosts cycle
for DEST in `cat "$TARGETSFILE"`; do

    if [ -z "$DEST" ]; then
        continue;
    fi
    echo 
    echo "- $DEST"
    ssh "$DEST" "$REMOTESCRIPT"

done

Config.ini

TARGETSFILE="/home/my_user/targets.ini"
DIRDEST="/opt"
WGETCMD="sudo wget -O splunkforwarder-your_version.tgz 'your_link"
FWDTGZ="/opt/splunkforwarder-your_version.tgz"
DEPLOYSERVER="your_Deployment_Server:8089"

Adapt the script to your needs.
In addition you could insert your host list in another file and read them from it.
Another hint is to copy in $SPLUNK_HOME/etc/apps a Technical Add-on in which there are two files: outputs.conf and deploymentclient.conf, in this way your Forwarders will connect directly to you Deployment Server and you can manage them

Ciao.
Giuseppe

Reply

gcusello
SplunkTrust
SplunkTrust
‎02-12-2020 10:03 AM

Hi @aalhabbash1,
did the answer solve your need?
if yes, please accept it for other people of Community, if not tell me what's the problem.

Ciao.
Giuseppe

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-04-2019 11:37 AM

There is no Splunk solution for that. Use a third-party management tool like Ansible, Puppet, etc.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...