When I'm running this command as the root user:
@localhost Forwarder]# rpm -i splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64.rpm
I'm getting this warning and error:
warning: splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
this looks like an upgrade of an existing splunk server. Attempting to stop the installed Splunk Server...
splunkd is not running.
error: unpacking of archive failed on file /opt/splunkforwarder/bin/splunkd;596b7afc: cpio: read
error: splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64: install failed


You should try using the tar gz file rather than the RPM.
Step 1. Verify Splunk is not installed on the machine
ps -ef | grep splunk
ls -la /opt
Step 2.
Use wget to download the Splunk forwarder
wget -O splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.2&product=universalforwarder&filename=splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz&wget=true'
Step 3.
Create Splunk user
# useradd -m splunk
# passwd splunk
Step 4.
Unzip
# tar -xzvf splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz -C /opt
Step 5.
Change ownership to Splunk
# chown -R splunk:splunk /opt/splunkforwarder
Step 6.
Login as Splunk user
su splunk
Step 7.
Start Splunkforwarder
$ /opt/splunkforwarder/bin/splunk start --accept-license
Hello Skoelpin,
Your explanation was good, but I didn't understand what the use of creating a user is. And can we create a user on the Splunk forwarder, or do you mean to create the user where Splunk Enterprise is installed?
Thanks
I have installed the Red Hat version; will it be okay if I download and install the tar gz file rather than the RPM file?
I think this video will help beginners a bit with installing the universal forwarder, but the problem is that the video is not in English. Still, I think we can understand it from the commands ...

Are you in fact upgrading?
If so, the docs say rpm -u, fwiw. Also, are you stopping Splunk first?
http://docs.splunk.com/Documentation/Splunk/6.6.2/installation/Upgradeto6.6onUNIX
Also, are you looking to run Splunk as root or as some other user?
I found the answer; actually it was conflicting with the 32-bit version. Thanks for your help.
I'm not upgrading; this is the first time I have installed a forwarder on VirtualBox, and I'm trying to send some data to my host system. I'm running Splunk as the root user.
Thanks

Interesting error to see in that case.
Based on the cpio read fail, I would download it again. Did you use wget?
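
The cpio read failure and the advice to download the package again both point at a damaged file. As an added example (not from the thread or from Splunk), this script checks a downloaded .tgz for truncation and against a SHA-256 value before it is unpacked; the function names, the constructed sample archive, and the use of a vendor-published SHA-256 as the expected value are assumptions.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded .tgz before unpacking it as root.
# Return codes: 0 ok, 1 missing/empty, 2 truncated or corrupt, 3 checksum mismatch.
verify_archive() {
    local file=$1 expected=$2 actual
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    # A cut-off transfer fails the gzip trailer check or the tar listing.
    if ! gzip -t "$file" 2>/dev/null || ! tar -tzf "$file" >/dev/null 2>&1; then
        echo "truncated or corrupt archive: $file" >&2
        return 2
    fi
    # An intact archive can still be the wrong one: compare with the expected hash.
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $file: got $actual" >&2
        return 3
    fi
    echo "ok: $file"
}

# Constructed sample: a small stand-in archive plus a copy cut to 32 KiB, as an
# interrupted download or a bad copy into a VM would leave it.
make_samples() {
    local dir=$1
    mkdir -p "$dir/pkg/bin"
    head -c 65536 /dev/urandom > "$dir/pkg/bin/payload"
    tar -czf "$dir/good.tgz" -C "$dir" pkg
    head -c 32768 "$dir/good.tgz" > "$dir/cut.tgz"
}

demo() {
    local dir sum
    dir=$(mktemp -d)
    make_samples "$dir"
    # Stands in for the checksum published alongside the real download (assumption).
    sum=$(sha256sum "$dir/good.tgz" | awk '{print $1}')
    verify_archive "$dir/good.tgz" "$sum"
    verify_archive "$dir/cut.tgz" "$sum" || echo "rejected with code $?"
    rm -rf "$dir"
}

# With FILE and SHA256 arguments, check that file; otherwise run the demo.
if [ "$#" -eq 2 ]; then verify_archive "$1" "$2"; else demo; fi
```

For the RPM itself, `rpm -K <file>` performs the corresponding digest and signature check; the NOKEY warning in the question means the signing key was not imported, so the signature was not verified.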
No, I didn't use wget. First I downloaded the .tar.gz file, but it gave an error; as I thought I'm using Red Hat Linux, I later downloaded the RPM file. I'm trying to install this on VirtualBox, and I was unable to connect to the internet from VirtualBox; that's the reason why I downloaded it instead of using "wget".
