Which forwarder do I need to install on SUSE Linux 10?

AngusLi
New Member

Hello guys, I have a question which needs your help!
I am using Splunk Enterprise 6.1.1 on Win Server 2003 (32bit). Now I would like to install a forwarder on SUSE Linux 10 (not sure if it's 32 or 64 bit) and I see there are lots of versions of the forwarder for Linux. Which version shall I install? And shall I install all three installation files (tgz, rpm, deb) or just one or two of them? What are the differences among them? Thank you so much!


Richfez
SplunkTrust

The types of installs - tgz, rpm, deb - are for different systems. Deb files are for distributions that use the Debian package management system (Debian, Ubuntu, etc.), rpm is for ones that use the Red Hat package manager (Red Hat, SUSE, etc.), and tgz is a tar and gzipped install if you want to manually install or your system doesn't have a Splunk-generated installation file.

SUSE will use RPM (unless you want to manually install from the source, the reasons for which vary), so you'll want one that ends in "rpm." To find out which one, from a terminal on the system involved type "uname -a". You'll get a response like

Linux hostname 2.6.34.7-0.5-desktop #1 SMP PREEMPT 2010-10-25 08:40:12 +0200 x86_64 x86_64 x86_64 GNU/Linux

From that, you can see that I am using kernel version 2.6 (first set of numbers), and x86_64 (i.e. 64 bit). So, if you click the link to download the "linux" from here: https://www.splunk.com/en_us/download/universal-forwarder.html , in my case I'll want the bottom section (2.6+ kernel, 64-bit), and in this case it's also an Open SUSE box, so it would be splunkforwarder-6.(version)-linux-2.6-x86_64.rpm.

Note: for *nix, it's usually easier to use wget directly from the box and the easiest way to do that is to go ahead and click the right link. On the next page "Thank you for downloading" over on the right there's a link for "Get this URL". If you click that, in there will be a big long line you can paste into a terminal session and use wget to retrieve, like:

wget -O splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=Linux&version=6.2.2&product=universalforwarder&filename=splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm&wget=true'

For the rest, this is good documentation:
http://docs.splunk.com/Documentation/Splunk/6.2.2/Forwarding/Deployanixdfmanually
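
The selection steps in the answer above, as an added shell example that is not part of the original post or of Splunk's tooling: it reads a `uname -a` line for kernel series and bitness and picks the package format from the package tool installed. The function names are hypothetical, and the default sample is the line quoted in the answer.

```shell
#!/bin/sh
# Added example: read `uname -a` the way the answer does and report which
# download section and package format apply. All function names are hypothetical.

# Sample line quoted in the answer, used when no argument is given.
SAMPLE='Linux hostname 2.6.34.7-0.5-desktop #1 SMP PREEMPT 2010-10-25 08:40:12 +0200 x86_64 x86_64 x86_64 GNU/Linux'

# Kernel series from the third field, e.g. "2.6.34.7-0.5-desktop" -> "2.6".
kernel_series() {
    printf '%s\n' "$1" | awk '{ split($3, v, "."); print v[1] "." v[2] }'
}

# 64 or 32 from the machine field. Fields 1-2 (kernel name, hostname) are
# skipped so a hostname such as "x86_64" is not mistaken for the architecture.
arch_bits() {
    printf '%s\n' "$1" | awk '{
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^(x86_64|amd64)$/) { print 64; exit }
            if ($i ~ /^i[3-6]86$/)       { print 32; exit }
        }
        print "unknown"
    }'
}

# True when the series is 2.6 or newer (the "2.6+ kernel" download sections).
is_26_plus() {
    major=${1%%.*}; minor=${1#*.}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 6 ]; }
}

# rpm (Red Hat, SUSE), deb (Debian, Ubuntu), otherwise the tgz archive.
# Assumption: a host carries only one of the two package tools.
pkg_format() {
    if command -v rpm >/dev/null 2>&1; then echo rpm
    elif command -v dpkg >/dev/null 2>&1; then echo deb
    else echo tgz
    fi
}

# One-line summary for a `uname -a` line (defaults to SAMPLE).
describe() {
    line=${1:-$SAMPLE}
    if is_26_plus "$(kernel_series "$line")"; then section="2.6+ kernel"
    else section="pre-2.6 kernel"; fi
    echo "$section, $(arch_bits "$line")-bit"
}

describe "$(uname -a)"
echo "package format: $(pkg_format)"
```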
