
Splunk Installation during Linux OS Install/Upgrade

Explorer

Hi all, I need some quick help with the following:

Is it possible to install Splunk Enterprise as part of a Linux (RHEL, Ubuntu...) package?
I.e., during the Linux OS installation/upgrade I would like to include the steps (a script) so that Splunk Enterprise also gets installed along with the OS install/upgrade.
If yes, do you have any script available for this?

regards,
Santosh

0 Karma

Re: Splunk Installation during Linux OS Install/Upgrade

Super Champion

Is it possible to install the Splunk Enterprise as a part of Linux (RHEL, Ubuntu...) package?
Yes. You can make the Splunk installation part of your build or of an ad hoc script (sample) installation.
Are you looking for Splunk Enterprise or the Splunk Universal Forwarder? Enterprise may be required only for a handful of servers.

If yes, do you have any script available for this?

There are quite a lot of scripts available. But my advice is to use Puppet or Ansible in your environment to do this rather than ad hoc scripts. At enterprise level, it is better to create the splunk user and group before installing Splunk, so that you can control the UIDs to filter them for various tools and control them centrally. If you install the Splunk rpm directly, it will create a local splunk user and group.
But if you really want to do handcrafted scripts, then the main logic should involve:
- Installing the rpm (rpm -Uvh)
- Enabling boot start using the splunk user
- DO NOT start Splunk without your configuration files & SSL certs/keys/password hash etc. You can put all these configurations in as a built-in package and copy it before you start Splunk

0 Karma
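
The steps listed in the answer above, written out as an added shell example (not part of the original post and not Splunk's own tooling), meant to be called from a kickstart %post or preseed late_command. The RPM path, the UID/GID value 1500, the staging directory and the certificate file name are assumptions; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example: install Splunk only after its config bundle is staged.
# Assumed values (not from the thread): RPM path, UID/GID, staging layout.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_RPM="${SPLUNK_RPM:-/root/splunk.rpm}"   # placeholder path
STAGING="${STAGING:-/opt/splunk-staging}"      # pre-built config bundle (assumed)
SPLUNK_UID="${SPLUNK_UID:-1500}"               # centrally assigned UID and GID (assumed)
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print commands, do not run them

# Files that must exist before Splunk is first started (assumed bundle layout).
REQUIRED="etc/system/local/user-seed.conf etc/auth/mycerts/server.pem"

run() {  # execute the command, or only print it in dry-run mode
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Return 0 only if every required file is staged, non-empty and has no
# group/other permission bits (the files hold a password hash and a key).
preflight_ok() {
    dir=$1
    for f in $REQUIRED; do
        [ -s "$dir/$f" ] || { echo "missing: $f" >&2; return 1; }
        case $(ls -ld "$dir/$f") in
            -???------*) ;;                     # e.g. -rw------- or -r--------
            *) echo "too permissive: $f" >&2; return 1 ;;
        esac
    done
}

install_splunk() {
    preflight_ok "$STAGING" || { echo "refusing: config bundle incomplete" >&2; return 1; }
    # 1. Create the account first so the rpm does not create a local one.
    run groupadd -g "$SPLUNK_UID" splunk
    run useradd -u "$SPLUNK_UID" -g splunk -d "$SPLUNK_HOME" -M -s /bin/bash splunk
    # 2. Install the package.
    run rpm -Uvh "$SPLUNK_RPM"
    # 3. Copy configuration, certs and the password seed before any start.
    run cp -a "$STAGING/etc/." "$SPLUNK_HOME/etc/"
    run chown -R splunk:splunk "$SPLUNK_HOME"
    # 4. Enable boot-start as the splunk user; Splunk first starts on the next boot.
    run "$SPLUNK_HOME/bin/splunk" enable boot-start -user splunk \
        --accept-license --answer-yes --no-prompt
}

# Call with --install from the OS installer's post-install hook.
if [ "${1:-}" = "--install" ]; then install_splunk; fi
```
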

Re: Splunk Installation during Linux OS Install/Upgrade

SplunkTrust

Hi @santosh_hb,

For your first question: yes, Splunk exists as an rpm package for Linux distros. It can be found here:
https://www.splunk.com/en_us/download/sem.html

An example of an installation script can be found here. This is for the UF; you can use something similar for Splunk Enterprise:
https://answers.splunk.com/answers/100989/forwarder-installation-script.html

Feel free to post your install script here once you're done and we can help you review it.

Cheers,
David

0 Karma

Re: Splunk Installation during Linux OS Install/Upgrade

Explorer

Thanks David, for the details.

0 Karma

Re: Splunk Installation during Linux OS Install/Upgrade

SplunkTrust

You're welcome @santosh_hb 😉 Please upvote/accept if it was helpful!

0 Karma