Getting Data In

Which forwarder do I need to install on SUSE Linux 10?

AngusLi
New Member

Hello guys, I have a question which needs your help!
I am using Splunk Enterprise 6.1.1 on Win Server 2003 (32bit). Now I would like to install a forwarder on SUSE Linux 10 (not sure if it's 32 or 64 bit) and I see there are lots of versions of the forwarder for Linux. Which version shall I install? And shall I install all three installation files (tgz, rpm, deb) or just one or two of them? What are the differences among them? Thank you so much!

0 Karma
1 Solution

Richfez
SplunkTrust

The types of installs - tgz, rpm, deb - are for different systems. Deb files are for distributions that use the Debian package management system (Debian, Ubuntu, etc...), rpm is for ones that use the Red Hat package manager (Red Hat, SUSE, etc...) and tgz is a tar and gzipped install if you want to manually install or your system doesn't have a Splunk-generated installation file.

SUSE will use RPM (unless you want to manually install from the source, the reasons for which vary), so you'll want one that ends in "rpm." To find out which one, from a terminal on the system involved type "uname -a". You'll get a response like

Linux hostname 2.6.34.7-0.5-desktop #1 SMP PREEMPT 2010-10-25 08:40:12 +0200 x86_64 x86_64 x86_64 GNU/Linux

From that, you can see that I am using kernel version 2.6 (first set of numbers), and x86_64 (i.e. 64 bit). So, if you click the link to download the "linux" from here: https://www.splunk.com/en_us/download/universal-forwarder.html , in my case I'll want the bottom section (2.6+ kernel, 64-bit), and in this case it's also an Open SUSE box, so it would be splunkforwarder-6.(version)-linux-2.6-x86_64.rpm.

Note: for *nix, it's usually easier to use wget directly from the box and the easiest way to do that is to go ahead and click the right link. On the next page "Thank you for downloading" over on the right there's a link for "Get this URL". If you click that, in there will be a big long line you can paste into a terminal session and use wget to retrieve, like:

wget -O splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=Linux&version=6.2.2&product=universalforwarder&filename=splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm&wget=true'

For the rest, this is good documentation:
http://docs.splunk.com/Documentation/Splunk/6.2.2/Forwarding/Deployanixdfmanually
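
The check described in the answer above, as an added shell example that is not part of the original post: it reads the kernel version and architecture from a `uname -a` line and picks deb, rpm or tgz by which package tool is present. The function names and the probe-by-installed-tool heuristic are assumptions of this example, not anything Splunk ships.

```shell
#!/bin/sh
# Added example: decide which forwarder download matches a host.

# Map a machine string (as printed by `uname -m`) to 32 or 64 bit.
arch_bits() {
    case "$1" in
        x86_64|amd64) echo 64 ;;
        i[3-6]86)     echo 32 ;;
        *)            echo unknown ;;
    esac
}

# Print "<kernel major.minor> <machine>" from a full `uname -a` line.
# Field 3 is the kernel release; the machine field is found by pattern
# because the trailing fields vary between systems.
parse_uname() {
    printf '%s\n' "$1" | awk '{
        split($3, v, "."); m = "unknown"
        for (i = 4; i <= NF; i++)
            if ($i ~ /^(x86_64|amd64|i[3-6]86)$/) { m = $i; break }
        print v[1] "." v[2], m
    }'
}

# True when the named command is on PATH (kept separate so it can be stubbed).
has_cmd() { command -v "$1" >/dev/null 2>&1; }

# Heuristic (assumption): dpkg present -> deb, rpm present -> rpm,
# neither -> fall back to the tgz archive.
pkg_format() {
    if has_cmd dpkg; then echo deb
    elif has_cmd rpm; then echo rpm
    else echo tgz
    fi
}

# Combine both checks into one line for a given `uname -a` string.
suggest() {
    set -- $(parse_uname "$1")
    echo "format=$(pkg_format) kernel=$1 bits=$(arch_bits "$2")"
}

# The sample line quoted in the answer; on a real host pass "$(uname -a)".
SAMPLE='Linux hostname 2.6.34.7-0.5-desktop #1 SMP PREEMPT 2010-10-25 08:40:12 +0200 x86_64 x86_64 x86_64 GNU/Linux'
suggest "$SAMPLE"
```

The format shown for the sample line depends on the machine the script runs on, since `pkg_format` probes the local package tools.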
