I'm a novice when it comes to working with Raspberry Pi's and Splunk. Trying to send information from an ultrasonic sensor to a laptop using Splunk. I have downloaded Splunk onto my laptop and have it up and running. I have then downloaded Splunk on the Raspberry Pi, but don't know how to install it. I have been using this page to set everything up. http://blogs.splunk.com/2013/10/21/how-to-splunk-data-from-a-raspberry-pi-three-easy-steps/
Can somebody help?
HI!
Anything works for me. I tried the three steps procedure, the guilmxm's steps, but nothing matched. I see a connection between my raspberry and my indexers (with tcpdump on port 9997), but nothing in splunk.
You seem to be looking for an example of use of Forwarders and Splunk, and your Pi to finally send the data you need from your Pi to Splunk
Here is one that should help you understanding how all this works, then to adapt this to your needs
http://apps.splunk.com/app/1611/
gunzip -v /tmp/forwarder-for-linux-arm-raspberry-pi_10.tgz
cd /opt/
sudo tar -xvf /tmp/forwarder-for-linux-arm-raspberry-pi_10.tar
cd splunkforwarder/
sudo bin/splunk enable boot-start
sudo bin/splunk start
https://apps.splunk.com/app/1753/
Depending the system you are running on, you can also activate local monitoring, but this is not the sujbect here
In your Splunk instance, activate network data receiving:
/opt/splunk/bin/splunk enable listen 9997
cd /opt/splunkforwarder/etc/apps/
tar -xvzf /tmp/TA-nmon*.tar.gz
Create an outputs.conf to configure sending data from your client to your server:
edit /opt/splunkforwarder/TA-nmon/local/outputs.conf
Example of simple configuration:
[tcpout]
defaultGroup = default-autolb-group
[tcpout:default-autolb-group]
server = mysplunk-server:9997
[tcpout-server://mysplunk-server:9997]
And finally restart the forwarder:
sudo /opt/splunkforwarder/bin/splunk restart
Upon a few minutes, you should begin to receive data from to your Pi to the nmon App in your Splunk instance.
I voluntary did not mention deployment server or advanced features to keep it simple, but in your read the Help page within the Nmon App, you will find scenarios where all these steps are described in details.
I downvoted this post because the link does not go to an article.
Did you download Splunk or the universal forwarder to your Raspberry Pi? They are different packages. The instructions in the blog (that link to http://docs.splunk.com/Documentation/Storm/Storm/User/Setupauniversalforwarderonnix) should work.
Building on @chrisG's post, the app's documentation points to some installation instructions: https://splunkbase.splunk.com/app/1611/#/documentation
Yes, you need to install it from the command line in a terminal. See http://docs.splunk.com/Documentation/Storm/latest/User/Setupauniversalforwarderonnix#Install_the_for....
I don't know how to install the Universal Forwarder after downloading it. Do I need to run a command in LX Terminal or do something else?
Are you following the instructions in the link for setting up a universal forwarder? I am confused about exactly where you are running into trouble.
I downloaded the Universal Forwarder but don't know what to do from there.
Can anyone help? I just need to know how to install it after downloading it.