Splunk Installation during Linux OS Install/Upgrade

santosh_hb
Explorer

Hi all, I need some quick help with the following:

Is it possible to install Splunk Enterprise as part of a Linux (RHEL, Ubuntu...) package?
I.e., during the Linux OS installation/upgrade package I would like to include the steps (script) so that Splunk Enterprise also gets installed along with the OS install/upgrade.
If yes, do you have any script available for this?

regards,
Santosh

0 Karma

santosh_hb
Explorer

Thanks David, for the details.

0 Karma

DavidHourani
Super Champion

You're welcome @santosh_hb 😉 Please upvote/accept if it was helpful!

0 Karma

DavidHourani
Super Champion

Hi @santosh_hb,

For your first question: yes, Splunk exists as an RPM package for Linux distros. It can be found here:
https://www.splunk.com/en_us/download/sem.html

An example of an installation script can be found here. This is for the UF; you can use something similar for Splunk Enterprise:
https://answers.splunk.com/answers/100989/forwarder-installation-script.html

Feel free to post your install script here once you're done and we can help you review it.

Cheers,
David

0 Karma

koshyk
Super Champion

Is it possible to install the Splunk Enterprise as a part of Linux (RHEL, Ubuntu...) package?
Yes. You can make the Splunk installation part of your build or an ad hoc script (sample) installation.
Are you looking for Splunk Enterprise or the Splunk Universal Forwarder? Enterprise may be required only for a handful of servers.

If yes, do you have any script available for this?

There are quite a lot of scripts available. But my advice is to use Puppet or Ansible in your environment to do this rather than ad hoc scripts. At enterprise level, it is better to create the splunk user and group before installing Splunk, so that you can control the UIDs to filter them for various tools and control them centrally. If you install the Splunk rpm directly, it will create a local splunk user and group.
But if you really want to do handcrafted scripts, then the main logic should involve:
- Installing the rpm (rpm -Uvh)
- Enable boot start using the splunk user
- DO NOT start Splunk without your configuration files and SSL certs/keys/password hash etc. You can put all these configurations in as a built-in package and copy it before you start Splunk

0 Karma
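
The order of operations described in the answer above, as an added shell example that is not part of the original thread and not Splunk's own tooling. The UID/GID 1500, the staging directory layout (a tree mirroring $SPLUNK_HOME/etc), the server.pem location and the function names are assumptions; by default it only prints the commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: UID/GID 1500, staging layout below.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_UID="${SPLUNK_UID:-1500}"
SPLUNK_GID="${SPLUNK_GID:-1500}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command instead of running it

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Gate for "do not start without config": the staged tree (mirrors
# $SPLUNK_HOME/etc) must hold a hashed admin credential and a protected key.
preflight_check() {
  seed="$1/system/local/user-seed.conf"
  pem="$1/auth/mycerts/server.pem"      # assumed cert+key location
  [ -f "$seed" ] || { echo "missing user-seed.conf" >&2; return 1; }
  grep -q '^HASHED_PASSWORD *= *[^ ]' "$seed" ||
    { echo "user-seed.conf has no HASHED_PASSWORD" >&2; return 2; }
  if grep -q '^PASSWORD *=' "$seed"; then
    echo "user-seed.conf contains a plaintext PASSWORD" >&2; return 3
  fi
  [ -f "$pem" ] || { echo "missing server.pem" >&2; return 4; }
  # Key material must be mode 0600 or 0400 (no group/other access).
  [ -n "$(find "$pem" \( -perm 600 -o -perm 400 \))" ] ||
    { echo "server.pem permissions too open" >&2; return 5; }
}

provision() {   # usage: provision <splunk.rpm> <staging-dir>
  rpm_file="$1"; stage="$2"
  preflight_check "$stage" || return $?
  # 1. Create the account with a fixed UID/GID before the RPM can create its own.
  getent group splunk >/dev/null 2>&1 || run groupadd -g "$SPLUNK_GID" splunk
  getent passwd splunk >/dev/null 2>&1 ||
    run useradd -u "$SPLUNK_UID" -g splunk -d "$SPLUNK_HOME" -M splunk
  # 2. Install the package.
  run rpm -Uvh "$rpm_file"
  # 3. Put configuration, certs and the password hash in place before first start.
  run cp -a "$stage/." "$SPLUNK_HOME/etc/"
  run chown -R splunk:splunk "$SPLUNK_HOME"
  # 4. Register boot start under the splunk account, then start.
  run "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk \
    --accept-license --answer-yes --no-prompt
  run "$SPLUNK_HOME/bin/splunk" start --accept-license --answer-yes --no-prompt
}

if [ "$#" -ge 2 ]; then provision "$1" "$2"; fi
```

Run it with DRY_RUN=0 as root only after reviewing the printed plan; a non-zero exit code from 1 to 5 identifies which staging check failed.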