Getting Data In

Silent Install of UF in Linux Client Machines

anandhalagaras1
Contributor

Hi Team,

We are planning to perform a silent installation of the Splunk Universal Forwarder on a Linux client machine. So far, we have created a splunk user on the client machine, downloaded the .tgz forwarder package, and extracted it to the /opt directory.

Currently, the folder /opt/splunkforwarder is created, and its contents are accessible. I have navigated to the /opt/splunkforwarder/bin directory, and now I want to execute a single command to:

  1. Agree to the license without prompts, and
  2. Set the admin username and password.

I found a reference for a similar approach in Windows, where the following command is used:

msiexec.exe /i splunkforwarder_x64.msi AGREETOLICENSE=yes SPLUNKUSERNAME=SplunkAdmin SPLUNKPASSWORD=Ch@ng3d! /quiet

However, I couldn't find a single equivalent command for Linux that accomplishes all these steps together. Could you please provide the exact command to achieve this on Linux?

 

Labels (3)
0 Karma
1 Solution

PaulPanther
Motivator

To accept the license during the start, execute:

opt/splunkforwarder/splunk start --accept-license --answer-yes

and before you start the forwarder service I suggest to create a user-seed.conf to set the admin password in clear text on the CLI.

user-seed.conf must be stored in /opt/splunkforwarder/etc/system/local/

[user_info]
USERNAME = admin
PASSWORD = YourPassword

 another method is to hash the password and add the hash to the user-seed.conf. It is described in the following doc Create secure administrator credentials - Splunk Documentation

View solution in original post

PaulPanther
Motivator

To accept the license during the start, execute:

opt/splunkforwarder/splunk start --accept-license --answer-yes

and before you start the forwarder service I suggest to create a user-seed.conf to set the admin password in clear text on the CLI.

user-seed.conf must be stored in /opt/splunkforwarder/etc/system/local/

[user_info]
USERNAME = admin
PASSWORD = YourPassword

 another method is to hash the password and add the hash to the user-seed.conf. It is described in the following doc Create secure administrator credentials - Splunk Documentation

Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...