Solved: Universal Forwarder on Raspberry Pi

phoenixdigital · ‎12-09-2012

Wondering what the chances are of getting a Universal Forwarder compilation for an ARM device such as Raspberry Pi?
http://en.wikipedia.org/wiki/Raspberry_Pi

These devices make great little remote machines which would be perfect for monitoring systems in the field.

I am aware I could just have software feed back to Splunk via a port but would love to utilise the Universal Forwarder if possible.

Ed · ‎10-10-2013

Universal Forwarder for Linux ARM (RaspberryPi) is now available!

View solution in original post

MasFollicles

Over a decade later but here is my RPI info and which forwarder worked on it:

@raspberrypi:/opt# uname -a
Linux raspberrypi 6.1.53-v8+ #1680 SMP PREEMPT Wed Sep 13 18:09:06 BST 2023 aarch64 GNU/Linux

From previous releases page: Splunk Universal Forwarder 8.1.9 / ARMv6 / 2.6+, 3.x+, 4.x+, or 5.x+ kernel Linux distributions 32-bit

Ed · ‎10-10-2013

Universal Forwarder for Linux ARM (RaspberryPi) is now available!

briang67 · ‎06-12-2013

I realize that this is an older thread, but I've had success exporting data to splunk from a raspberry pi without a forwarder. I just send my data to local syslog on the pi and then use socat to forward to a splunk server that has a tcp input.

 cat /dev/ttyUSB0 | socat - TCP:192.168.1.23:8765

I don't have the ability to pre-process or queue the events, but the setup has been very reliable. My sensor sends about 12-15 events (event size 80 bytes) per second.

neiko · ‎03-11-2013

Hi Guys, are we any closer to getting a forwarder for the Raspi?

phoenixdigital · ‎12-11-2012

I wouldn't really expect them to be giving me the source codes. However I would love a cross compiled version for Linux running on an ARM chip. Even a beta would be great I dont expect it to be fully supported.

I would think that it would be in Splunk's best interest to get Splunk onto the Raspberry Pi for a few reasons.

Raspberry Pi is being promoted as an educational device. Teaching people about Splunk early could promote future sales as they enter the commercial arena.
The low cost nature of this device means people can put more data collectors out in the fields. Which in turn means more data coming into Splunk. Which in turn means larger licence sales.
Cheapest form of advertising you could get.

I could go on but I think I have made my case.

If someone at Splunk could please provide a Universal Forwarder for this device (even beta) I would be very appreciative. Our company is doing more and more work in SCADA environments and are hoping to leverage the use of many many Raspberry Pi devices combined with a Splunk Universal Forwarder to feed gigs of data into Splunk.

We are currently using the standard release of Debian on the Raspberry Pi
http://www.raspbian.org/

Cross compiling information can be found here
http://hertaville.com/2012/09/28/development-environment-raspberry-pi-cross-compiler/

Other OS options can be found here (if you dont like Raspbian)
http://www.raspberrypi.org/downloads

pshumate · ‎01-28-2013

I would love to see a forwarder for the raspi. The internet of things starts here.

milestulett · ‎12-09-2012

Being given the code for universal forwarders so they could be end-user compiled would be the best solution. I'm after it so we can compile it for zLinux (s390 architecture), but have had no luck, even through enterprise support channels.

I'd raise a feature request and see how you get on.

Sorry 😕

Universal Forwarder on Raspberry Pi

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024