When you have more than a few forwarders to maintain, it becomes tedious (and error-prone) to install them one-by-one. Using the Deployment Server is great for keeping the configurations up-to-date and consistent.
But I want to script the installation. This isn't really a Splunk problem, it's more of a scripting problem.
Any great scripts out there? All answers welcome, especially Linux and Windows.
With some updates that were created (and tested!) by rroberts. Thanks Mr R; you are the best!
If you cut-and-paste this script - watch out for the line wraps! You will need to correct these before your script will run.
#!/bin/sh
# This EXAMPLE script shows how to deploy the Splunk universal forwarder
# to many remote hosts via ssh and common Unix commands.
# For "real" use, this script needs ERROR DETECTION AND LOGGING!!
# --Variables that you must set -----
# Populate this file with a list of hosts that this script should install to,
# with one host per line. This must be specified in the form that should
# be used for the ssh login, ie. username@host
#
# Example file contents:
# splunkuser@10.20.13.4
# splunkker@10.20.13.5
HOSTS_FILE="$HOME/whereToInstallUF"
# This should be a WGET command that was *carefully* copied from splunk.com!!
# Sign into splunk.com and go to the download page, then look for the wget
# link near the top of the page (once you have selected your platform)
# copy and paste your wget command between the ""
WGET_CMD="wget -O splunkforwarder..."
# Set the install file name to the name of the file that wget downloads
# (the second argument to wget)
INSTALL_FILE="splunkforwarder..."
# After installation, the forwarder will become a deployment client of this
# host. Specify the host and management (not web) port of the deployment server
# that will be managing these forwarder instances.
DEPLOY_SERVER="xxx.xxx.xxx.xxx:8089"
# Set the new Splunk admin password
PASSWORD="newpassword"
# ----------- End of user settings -----------
# create script to run remotely. Watch out for line wraps, esp. in the "set deploy-poll" line below.
# the remote script assumes that 'splunkuser' (the login account) has permissions to write to the
# /opt directory (this is not generally the default in Linux)
REMOTE_SCRIPT="
cd /opt
$WGET_CMD
tar -xzf $INSTALL_FILE
# /opt/splunkforwarder/bin/splunk enable boot-start -user splunkusername
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
/opt/splunkforwarder/bin/splunk set deploy-poll \"$DEPLOY_SERVER\" --accept-license --answer-yes --auto-ports --no-prompt -auth admin:changeme
/opt/splunkforwarder/bin/splunk edit user admin -password '$PASSWORD' -auth admin:changeme
/opt/splunkforwarder/bin/splunk restart
"
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
echo "$REMOTE_SCRIPT"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."
for DST in `cat "$HOSTS_FILE"`; do
    if [ -z "$DST" ]; then
        continue;
    fi
    echo "---------------------------"
    echo "Installing to $DST"
    # run script on remote host - you will be prompted for the password
    ssh "$DST" "$REMOTE_SCRIPT"
done
echo "---------------------------"
echo "Done"
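The script's own header says real use needs error detection and logging. One way to add both to the host loop, as an added example that is not part of the original answer: `deploy_all`, `RUNNER` and the log line format are names invented here, and the remote login shell is assumed to be POSIX-compatible.

```sh
#!/bin/sh
# Added example (not from the original post): host loop with per-host
# error detection and a timestamped log.
# RUNNER (hypothetical name) is the command that runs the script on one host.
RUNNER="${RUNNER:-ssh}"

# deploy_all HOSTS_FILE REMOTE_SCRIPT LOG_FILE
# Returns 0 if every host succeeded, 1 if any failed, 2 on bad input.
deploy_all() {
    hosts_file=$1; remote_script=$2; log_file=$3; failed=0
    [ -r "$hosts_file" ] || { echo "cannot read $hosts_file" >&2; return 2; }
    # Read whole lines on fd 3 so the remote command cannot consume the host list
    while IFS= read -r dst <&3 || [ -n "$dst" ]; do
        case $dst in
            ''|'#'*) continue ;;            # blank line or comment
            -*) status="REJECTED (would be parsed as an ssh option)"
                failed=$((failed + 1)) ;;
            *)  # "set -e" makes the remote shell stop at the first failing step
                if $RUNNER "$dst" "set -e
$remote_script" >>"$log_file" 2>&1; then
                    status=OK
                else
                    status="FAILED rc=$?"
                    failed=$((failed + 1))
                fi ;;
        esac
        printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$dst" "$status" |
            tee -a "$log_file"
    done 3<"$hosts_file"
    [ "$failed" -eq 0 ]
}

# Stand-alone use: sh deploy.sh hosts.txt "$REMOTE_SCRIPT" deploy.log
if [ "$#" -eq 3 ]; then deploy_all "$@"; fi
```

The log file receives each host's command output followed by one status line, so a failed install can be traced to the step that stopped it.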
Thanks Iguinn, tweaked this a bit for non-root user account... and this works!
#!/bin/sh
HOSTS_FILE="/opt/forwarderlist"
WGET_CMD="wget -O splunkforwarder..."
INSTALL_FILE="splunkforwarder-6....tgz"
DEPLOY_SERVER="xx.xx.xx.xx:8089"
PASSWORD="newpassword"
REMOTE_SCRIPT="
cd /opt
sudo $WGET_CMD
sudo tar -xzf $INSTALL_FILE
sudo useradd -m -r splunk
sudo chown -R splunk:splunk /opt/splunkforwarder
### /opt/splunkforwarder/bin/splunk enable boot-start -user splunk
sudo -u splunk /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo -u splunk /opt/splunkforwarder/bin/splunk set deploy-poll \"$DEPLOY_SERVER\" --accept-license --answer-yes --auto-ports --no-prompt -auth admin:changeme
sudo -u splunk /opt/splunkforwarder/bin/splunk edit user admin -password '$PASSWORD' -auth admin:changeme
sudo -u splunk /opt/splunkforwarder/bin/splunk restart
"
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
echo "$REMOTE_SCRIPT"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."
for DST in `cat "$HOSTS_FILE"`; do
    if [ -z "$DST" ]; then
        continue;
    fi
    echo "---------------------------"
    echo "Installing to $DST"
    sudo ssh -t "$DST" "$REMOTE_SCRIPT"
done
echo "---------------------------"
echo "Done"
What does DST mean in this script and what does it do?
DST is a variable. On each iteration of the loop, DST is set to the next host in the HOSTS_FILE.
So at any given point, DST should contain the IP address where the universal forwarder is to be installed.
Another script posting - also good
Thanks for the script.
We have found Splunk incredibly easy to install and upgrade. Much easier than most products. We have UFs installed on 3000+ servers.
A couple of comments:
[1] Nothing keeps you from running a purely-internal yum repository to distribute Splunk install images to your servers. Then, "yum update" even works...
[2] Rather than setting the admin password directly, there's always user-seed.conf, which works well for that purpose.
[3] It's not terribly difficult to spin out your own RPM that includes splunk as a dependency - let that RPM (and its included scriptlets) deal with post-install configuration.
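A sketch of the user-seed.conf approach from point [2], as an added example that is not code from this thread: it writes the admin credential and the deployment server into config files after the tarball is extracted and before the first `splunk start`, so no password appears on a command line. It assumes a forwarder version that reads user-seed.conf and a hash generated beforehand with `splunk hash-passwd` on a trusted host; `seed_forwarder` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example (not from the original thread): seed the admin credential and
# the deployment server through config files before the forwarder's first start.
# seed_forwarder is a hypothetical helper name.

# seed_forwarder SPLUNK_HOME DEPLOY_SERVER HASHED_PASSWORD
# Returns 0 on success, 2 on rejected input, 1 on write failure.
seed_forwarder() {
    splunk_home=$1; deploy_server=$2; hashed_pw=$3
    conf_dir="$splunk_home/etc/system/local"
    # host:port only; anything else could inject extra settings into the .conf
    case $deploy_server in
        ''|*[!A-Za-z0-9.:-]*) echo "bad deployment server" >&2; return 2 ;;
        *:*) ;;
        *) echo "deployment server needs host:port" >&2; return 2 ;;
    esac
    # The hash must be a single token with no whitespace or newlines
    case $hashed_pw in
        ''|*[[:space:]]*) echo "bad password hash" >&2; return 2 ;;
    esac
    (
        umask 077    # files readable by the owning account only
        mkdir -p "$conf_dir" &&
        printf '[user_info]\nUSERNAME = admin\nHASHED_PASSWORD = %s\n' \
            "$hashed_pw" > "$conf_dir/user-seed.conf" &&
        printf '[deployment-client]\n\n[target-broker:deploymentServer]\ntargetUri = %s\n' \
            "$deploy_server" > "$conf_dir/deploymentclient.conf"
    )
}

# Stand-alone use: sh seed.sh /opt/splunkforwarder host:8089 '<hash>'
if [ "$#" -eq 3 ]; then seed_forwarder "$@"; fi
```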
ssbarnea, that's a bit harsh. We're talking about on the fly configuration, which is not trivial, and this kind of script is very helpful (at least to oldschoolers like myself). Thanks lguinn, this one answers 3-4 questions I had while writing something similar.
Thanks, the above script is proof of Splunk's inability to create easy to install and deploy products. I just hope that they will fix the current silly URL download tricks and provide a solution like this, maybe even RPM and DEB repositories.
Documentation here, including another example script...
Do I need to create a share for this?
If you cut-and-paste this script, watch out for the line wrap on the lines that start with
/opt/splunkforwarder
This was the shortest script that I could come up with that wasn't completely lame. It is based on a much more sophisticated script that is now part of the documentation.