Solved: How do I install it in Universal Forwarder?

charleslcso · ‎04-19-2011

I have machines that has only the Universal Forwarder installed. How to I install and configure Splunk for *nix to run on these machines and forward data to the Indexer?

dwaddle · ‎04-19-2011

You can install the app simply by exploding the .tar.gz into $SPLUNK_HOME/etc/apps. To configure it, you will need to update some local config files to enable the various inputs.

The easiest way to configure might be to install an lightweight forwarder with Splunk for *nix, go through the configuration panels there, and then use the updated app with configuration files to deploy to your Universal forwarders.

View solution in original post

dwaddle · ‎04-19-2011

You can install the app simply by exploding the .tar.gz into $SPLUNK_HOME/etc/apps. To configure it, you will need to update some local config files to enable the various inputs.

The easiest way to configure might be to install an lightweight forwarder with Splunk for *nix, go through the configuration panels there, and then use the updated app with configuration files to deploy to your Universal forwarders.

charleslcso · ‎04-19-2011

Do I make a directory copy of $SPLUNK_HOME/etc/apps to the Universal Forwarder's $SPLUNK_HOME/etc/apps?

I am thinking of using and configuring a test machine as you suggested.

How do I install it in Universal Forwarder?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation