In the requirements for Splunk Enterprise it says that there is a download for Arm64 but it not supported. I can’t find the download though. Anyone know where I can get it?
Can you provide the link to the docs you reference? I am not aware of an ARM download for Splunk Enterprise, but there is one for a Universal Forwarder. Or at least there was; the relevant splunkbase page now shows that it was removed.
Hey @unixmit and @ssievert -- for the universal forwarder ARMv6 you can get it by going to the Linux options of the universal forwarder download page (from the menu at the bottom of the splunk.com website in the footer menu), or by clicking this link: https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/linux I'm not sure what the Splunk Enterprise download is but as @ssievert said please provide the link so we or others can help you.
There is a linux splunk UF for armv6 (32 bit) available on the splunk downloads page, but nothing yet for armv8 (64 bit) linux. Any idea when that might be available?
I hope this helps you!
I've seen that already. That is only for 32bit arm linux. I am looking for 64bit arm linux (aarch64) splunk universal forwarder. The splunk UF download page only has 32bit for arm. Also I am interested in monitoring log files with splunk UF - not just packet captures via a tap or HEC postings of events.
I was able to get the ARMv6, 32-bit Splunk Universal Forwarder to work on a "Raspberry Pi 4" running Ubuntu (19.10 (Eoan Ermine)) using these steps:
Output from "uname -a": Linux ubuntu 5.3.0-1014-raspi2 #16-Ubuntu SMP Tue Nov 26 11:18:23 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux
Splunk> Map. Reduce. Recycle.
Checking mgmt port : open
Checking conf files for problems...
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-8.0.3-a6754d8441bf-Linux-arm-manifest'
All installed files intact.
All preliminary checks passed.
Starting splunk server daemon (splunkd)...