Getting Data In

What script should I use to upgrade multiple universal forwarders on Linux?

rgadepal
New Member

Hi,

I am looking to upgrade multiple universal forwarders installed on Linux OS at one go.
Could you please help me with the script I should use and the detailed steps on how to use that script?

Note: I have a standalone Splunk indexer.

0 Karma

gcusello
SplunkTrust

Hi @rgadepal,
As you can see in Splunk Ideas, the possibility of adding this feature to the Deployment Server is under analysis, but at the moment the easiest way is to use a tool (a third-party management tool like Ansible, Puppet, etc.). Otherwise, you can use a script that installs one Universal Forwarder at a time; if you want to parallelize the UF installation, you can run it several times:

Script

 #!/bin/bash
 # Script to remotely install Splunk forwarder
 # (bash is required: "read -s" and "source" are not POSIX sh)

 # Prompt for the password so it is not stored in readable form
 read -s -p "Enter Splunk Admin Password: " PASSWORD
 echo 

 # Configuration file
 source /home/your_user/config.ini

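 # Command list to execute on the remote forwarder server.
 # The variables below are expanded locally, so the password becomes part of the command text sent to each host.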
 REMOTESCRIPT="
 cd $DIRDEST
 $WGETCMD
 sudo tar -xzf $FWDTGZ
 sudo chown -R splunk:splunk $DIRDEST/splunkforwarder
 sudo -H -u splunk $DIRDEST/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
 sudo $DIRDEST/splunkforwarder/bin/splunk edit user admin -password $PASSWORD -auth admin:changeme
 sudo $DIRDEST/splunkforwarder/bin/splunk set deploy-poll \"$DEPLOYSERVER\" -auth admin:$PASSWORD
 sudo $DIRDEST/splunkforwarder/bin/splunk enable boot-start -user splunk
 sudo chown -R splunk:splunk $DIRDEST/splunkforwarder
 sudo -H -u splunk $DIRDEST/splunkforwarder/bin/splunk restart
 "

 # Installation execution
 echo "============================= FORWARDER REMOTE INSTALLER ============================="
 echo
 sleep 5
 echo "Reading host logins from $TARGETSFILE"
 echo 
 echo "Start Forwarder remote installation to:"

 # hosts cycle
 for DEST in `cat "$TARGETSFILE"`; do

     if [ -z "$DEST" ]; then
         continue;
     fi
     echo 
     echo "- $DEST"
     ssh "$DEST" "$REMOTESCRIPT"

 done

Config.ini

 TARGETSFILE="/home/my_user/targets.ini"
 DIRDEST="/opt"
 WGETCMD="sudo wget -O splunkforwarder-your_version.tgz 'your_link'"
 FWDTGZ="/opt/splunkforwarder-your_version.tgz"
 DEPLOYSERVER="your_Deployment_Server:8089"

Adapt the script to your needs.
In addition, you could put your host list in another file and read the hosts from it.
Another hint is to copy into $SPLUNK_HOME/etc/apps a Technical Add-on containing two files, outputs.conf and deploymentclient.conf; this way your Forwarders will connect directly to your Deployment Server and you can manage them.

Ciao.
Giuseppe

0 Karma
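An added example, not part of the answer above or of any Splunk tooling: the posted script hands every entry of the targets file to ssh and extracts the downloaded archive as root without checking it. This POSIX shell version validates each target entry and verifies the package's SHA-256 before extraction; the function names, the recorded hash value and a POSIX shell with `sha256sum` on the targets are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's script. All names here
# (valid_target, checked_extract, extract_on_targets) are hypothetical.

# Accept only host or user@host entries from the targets file. Blank lines,
# comments, entries starting with "-" (ssh would parse them as options) and
# anything containing shell metacharacters are rejected.
valid_target() {
    case "$1" in
        ''|-*|\#*) return 1 ;;
        *[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# Function text that is sent to each target and also defined locally, so the
# same code can be tested on the admin host before any root extraction.
REMOTE_FUNCS='
checked_extract() {   # usage: checked_extract TGZ SHA256 DESTDIR
    printf "%s  %s\n" "$2" "$1" | sha256sum -c - >/dev/null 2>&1 || {
        echo "checksum mismatch for $1, not extracting" >&2
        return 1
    }
    ${SUDO:-} tar -xzf "$1" -C "$3"
}'
eval "$REMOTE_FUNCS"

# usage: extract_on_targets TARGETSFILE TGZ SHA256 DESTDIR
# TGZ is the path on the target after the download step; SHA256 is the value
# you recorded for the package (assumption: config values contain no quotes).
extract_on_targets() {
    while IFS= read -r dest; do
        [ -n "$dest" ] || continue
        if ! valid_target "$dest"; then
            echo "skipping invalid target entry: $dest" >&2
            continue
        fi
        echo "- $dest"
        # -n keeps ssh from swallowing the rest of the targets file on stdin
        ssh -n "$dest" "$REMOTE_FUNCS
SUDO=sudo checked_extract '$2' '$3' '$4'" || echo "FAILED: $dest" >&2
    done < "$1"
}

if [ "$#" -eq 4 ]; then extract_on_targets "$@"; fi
```

Run it with four arguments (targets file, archive path on the target, expected SHA-256, destination directory) after the download step; with no arguments it only defines the functions.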