Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Install splunk forwarder in Linux servers

aalhabbash1
Path Finder
‎12-04-2019 11:32 AM

Hi All;

Is there way to push and install splunk forwarder to multiple Linux servers at same time?
If you have script please provide me.

Thanks

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎12-06-2019 12:39 AM

Hi @aalhabbash1,
the esiest way is to use a tool (as suggested by @richgalloway) otherwise you can use a script that installs one Universal Forwarder at a time, if you want to parallelize UFs installation you can run it more times:
Script

#!/bin/sh
# Script to remotely install Splunk forwarder

# to avoid to store readable password
read -s -p "Enter Splunk Admin Password: " PASSWORD
echo 

# Configuration file
source /home/your_user/config.ini

# Command lists to execute in remote forwarder server
REMOTESCRIPT="
cd $DIRDEST
$WGETCMD
sudo tar -xzf $FWDTGZ
sudo chown -R splunk:splunk $DIRDEST/splunkforwarder
sudo -H -u splunk $DIRDEST/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo $DIRDEST/splunkforwarder/bin/splunk edit user admin -password $PASSWORD -auth admin:changeme
sudo $DIRDEST/splunkforwarder/bin/splunk set deploy-poll \"$DEPLOYSERVER\" -auth admin:$PASSWORD
sudo $DIRDEST/splunkforwarder/bin/splunk enable boot-start -user splunk
sudo chown -R splunk:splunk $DIRDEST/splunkforwarder
sudo -H -u splunk $DIRDEST/splunkforwarder/bin/splunk restart
"

# Installation execution
echo "============================= FORWARDER REMOTE INSTALLER ============================="
echo
sleep 5
echo "Reading host logins from $TARGETSFILE"
echo 
echo "Start Forwarder remote installation to:"

# hosts cycle
for DEST in `cat "$TARGETSFILE"`; do

    if [ -z "$DEST" ]; then
        continue;
    fi
    echo 
    echo "- $DEST"
    ssh "$DEST" "$REMOTESCRIPT"

done

Config.ini

TARGETSFILE="/home/my_user/targets.ini"
DIRDEST="/opt"
WGETCMD="sudo wget -O splunkforwarder-your_version.tgz 'your_link"
FWDTGZ="/opt/splunkforwarder-your_version.tgz"
DEPLOYSERVER="your_Deployment_Server:8089"

Adapt the script to your needs.
In addition you could insert your host list in another file and read them from it.
Another hint is to copy in $SPLUNK_HOME/etc/apps a Technical Add-on in which there are two files: outputs.conf and deploymentclient.conf, in this way your Forwarders will connect directly to you Deployment Server and you can manage them

Ciao.
Giuseppe

Reply

gcusello
SplunkTrust
SplunkTrust
‎02-12-2020 10:03 AM

Hi @aalhabbash1,
did the answer solve your need?
if yes, please accept it for other people of Community, if not tell me what's the problem.

Ciao.
Giuseppe

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-04-2019 11:37 AM

There is no Splunk solution for that. Use a third-party management tool like Ansible, Puppet, etc.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top