Installation

Forwarder Installation Script

GKC_DavidAnso
Path Finder

I have created the script below to deploy forwarders to Linux servers. Hopefully it is of use to others in the community.

If you execute the script it will tell you which parameters it expects to receive.

The script expects to deploy a .tgz but could easily be tweaked to install an RPM, DEB or similar package. However in those situations I would generally look to utilise whatever package management system is available (e.g. a Satellite server for RedHat) to make patching easier.

I hope you find this helpful.

#!/bin/bash

################################################
################################################
### Splunk> Forwarder Mass Deployment Script ###
### Author:   David Anso - GKC Limited       ###
### Version:  1.0                            ###
################################################
################################################
### www.gkc.co.nz

REMOTE_HOST=$1
REMOTE_USER=$2
REMOTE_PATH="$3"
ENABLE_KEYBASED_AUTH=$4
ENABLE_BOOT_START=$5

SPLUNKFORWARDERTGZ="splunkforwarder-4.3-115073-Linux-x86_64.tgz"
INSTALLER_HOME="/home/splunker/install-forwarder/"
SPLUNKDEPLOYCLIENTCONF="deploymentclient.conf"
SSH_PUBLIC_KEY="/home/splunker/.ssh/id_rsa.pub"

cd $INSTALLER_HOME

if [ -z $5 ]
then
    echo "Usage: $0 Host User Path Enable_SSHKeys EnableBootStart"
    echo " e.g.: $0 splunkforwarder1 splunkuser /opt 1 1"
    exit 1
fi

if [ $ENABLE_KEYBASED_AUTH -gt 0 ]
then
    cat $SSH_PUBLIC_KEY | ssh $REMOTE_HOST -l $REMOTE_USER "if [ ! -e .ssh ] ; then mkdir ~/.ssh; fi ; cat \ >>~/.ssh/authorized_keys ; chmod 600 ~/.ssh/authorized_keys ;chmod 700 ~/.ssh"
    ssh $REMOTE_HOST -l $REMOTE_USER echo If you only typed the password once then key based auth is working.
fi

echo "Copying files..."
scp $SPLUNKFORWARDERTGZ $SPLUNKDEPLOYCLIENTCONF $REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH
ssh $REMOTE_HOST "
    cd $REMOTE_PATH; 
    tar -xzf $REMOTE_PATH/$SPLUNKFORWARDERTGZ ;  
        rm $REMOTE_PATH/$SPLUNKFORWARDERTGZ ;
        mv $REMOTE_PATH/$SPLUNKDEPLOYCLIENTCONF $REMOTE_PATH/splunkforwarder/etc/system/local/deploymentclient.conf;
        splunkforwarder/bin/splunk start --accept-license
"

echo ""

if [ $ENABLE_BOOT_START -gt 0 ]
then
    echo "Enabling Boot Start..."
    ssh $REMOTE_HOST -t -l $REMOTE_USER "sudo $REMOTE_PATH/splunkforwarder/bin/splunk enable boot-start"
fi
Labels (1)
1 Solution

GKC_DavidAnso
Path Finder

Feel free to leave comments if you have any questions.

View solution in original post

ashabc
Contributor

If you want more detailed explanation and options, Splunk official document for scripted install example is here:

For *NIX
http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Remotelydeployanixdfwithastaticconfigu...

For Windows:
http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployawindowsdfviathecommandline

You may need to use psexec command from another windows host, if you do not have RDP/console access to the target windows client.

0 Karma

gvhees
Explorer

Hi David,

Works like a charm. Thanks for sharing it. I came in most helpful when I needed.

Cheers,
Ger

0 Karma

GKC_DavidAnso
Path Finder

Feel free to leave comments if you have any questions.

rturk
Builder

That's excellent David... I particularly like the 'exam' tag 😉

(You might want to mark your own "question" as answered though)

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...