Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Custom installations...

DTERM
Contributor
‎03-21-2011 09:23 PM

Based on the splunk documentation, I'm guessing it's recommended to script customized installation requirements rather than trying to generate a custom RPM. I'd like some feedback on that. If customizing RPM's is doable can you post a spec file for 4.2. I am aware there are spec files for older versions on the net, I'm specifically trying to work with 4.2. TIA.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎07-23-2011 12:21 PM

Our solution to this was to make our own rpm that is dependent upon the splunkforwarder RPM. Our RPM ships the appropriate config files to get a forwarder properly configured and talking to a deployment server.

Our RPM contains (relative to /opt/splunkforwarder)

etc/system/local/user-seed.conf
etc/system/local/server.conf
etc/system/local/deploymentclient.conf
etc/system/local/inputs.conf
etc/auth/server.pem
etc/auth/cacert.pem

There is a postinst script that goes along with it to enable boot-start and start splunk for the first time.

The most elegant part of this is that an upgrade to the base Splunk RPM won't replace any of these. I would recommend this approach over trying to spin your own Splunk RPM.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎07-23-2011 12:21 PM

Our solution to this was to make our own rpm that is dependent upon the splunkforwarder RPM. Our RPM ships the appropriate config files to get a forwarder properly configured and talking to a deployment server.

Our RPM contains (relative to /opt/splunkforwarder)

etc/system/local/user-seed.conf
etc/system/local/server.conf
etc/system/local/deploymentclient.conf
etc/system/local/inputs.conf
etc/auth/server.pem
etc/auth/cacert.pem

There is a postinst script that goes along with it to enable boot-start and start splunk for the first time.

The most elegant part of this is that an upgrade to the base Splunk RPM won't replace any of these. I would recommend this approach over trying to spin your own Splunk RPM.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...