Archive
Highlighted

Splunk Arm64 download

Engager

In the requirements for Splunk Enterprise it says that there is a download for Arm64 but it not supported. I can’t find the download though. Anyone know where I can get it?

Thanks.

Tags (1)
Highlighted

Re: Splunk Arm64 download

Splunk Employee
Splunk Employee

Can you provide the link to the docs you reference? I am not aware of an ARM download for Splunk Enterprise, but there is one for a Universal Forwarder. Or at least there was; the relevant splunkbase page now shows that it was removed.

0 Karma
Highlighted

Re: Splunk Arm64 download

Splunk Employee
Splunk Employee

Hey @unixmit and @ssievert -- for the universal forwarder ARMv6 you can get it by going to the Linux options of the universal forwarder download page (from the menu at the bottom of the splunk.com website in the footer menu), or by clicking this link: https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/linux I'm not sure what the Splunk Enterprise download is but as @ssievert said please provide the link so we or others can help you.

0 Karma
Highlighted

Re: Splunk Arm64 download

Explorer

As you noted - there is 32bit splunk UF available for linux - but that doesn't work on armv8 linux.

0 Karma
Highlighted

Re: Splunk Arm64 download

Explorer

There is a linux splunk UF for armv6 (32 bit) available on the splunk downloads page, but nothing yet for armv8 (64 bit) linux. Any idea when that might be available?

0 Karma
Highlighted

Re: Splunk Arm64 download

SplunkTrust
SplunkTrust
0 Karma
Highlighted

Re: Splunk Arm64 download

Explorer

I've seen that already. That is only for 32bit arm linux. I am looking for 64bit arm linux (aarch64) splunk universal forwarder. The splunk UF download page only has 32bit for arm. Also I am interested in monitoring log files with splunk UF - not just packet captures via a tap or HEC postings of events.

Highlighted

Re: Splunk Arm64 download

Splunk Employee
Splunk Employee

I was able to get the ARMv6, 32-bit Splunk Universal Forwarder to work on a "Raspberry Pi 4" running Ubuntu (19.10 (Eoan Ermine)) using these steps:

  1. dpkg --add-architecture armhf
  2. apt-get update
  3. apt-get install libc6:armhf
  4. libstdc++6:armhf
  5. cd /lib
  6. ln -s arm-linux-gnueabihf/ld-2.30.so ld-linux.so.3

Output from "uname -a": Linux ubuntu 5.3.0-1014-raspi2 #16-Ubuntu SMP Tue Nov 26 11:18:23 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux

/opt/splunkforwarder/bin/splunk start

Splunk> Map. Reduce. Recycle.

Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-8.0.3-a6754d8441bf-Linux-arm-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done

0 Karma
Highlighted

Re: Splunk Arm64 download

Splunk Employee
Splunk Employee

Please vote for Splunk ARMv8-64 UF here: https://ideas.splunk.com/ideas/APPSID-I-35

0 Karma