When I'm running this command as the root user:
@localhost Forwarder]# rpm -i splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64.rpm
I'm getting this warning and error:
warning: splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
this looks like an upgrade of an existing splunk server. Attempting to stop the installed Splunk Server...
splunkd is not running.
error: unpacking of archive failed on file /opt/splunkforwarder/bin/splunkd;596b7afc: cpio: read
error: splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64: install failed
You should try using the tar gz file rather than the RPM.
Step 1. Verify Splunk is not installed on the machine
ps -ef | grep splunk
ls -la /opt
Step 2. Use wget to download the Splunk forwarder
wget -O splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.2&product=universalforwarder&filename=splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz&wget=true'
Step 3. Create Splunk user
# useradd -m splunk
# passwd splunk
Step 4. Unzip
# tar -xzvf splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz -C /opt
Step 5. Change ownership to Splunk
# chown -R splunk:splunk /opt/splunkforwarder
Step 6. Log in as the Splunk user
su splunk
Step 7. Start Splunkforwarder
$ /opt/splunkforwarder/bin/splunk start --accept-license
Hello Skoelpin,
Your explanation was good, but I didn't understand what the use of creating a user is. Can we create a user on the Splunk forwarder, or do you mean to create a user where Splunk Enterprise is installed?
Thanks
I have installed the Red Hat version. Will it be okay if I download and install the tar gz file rather than the RPM file?
I think this video will help beginners a bit with installing the universal forwarder, but the problem is that the video is not in English. Still, I think we can understand it from the commands ...
Are you in fact upgrading?
If so, the docs say rpm -U, fwiw. Also, are you stopping Splunk first?
http://docs.splunk.com/Documentation/Splunk/6.6.2/installation/Upgradeto6.6onUNIX
Also, are you looking to run Splunk as root or as some other user?
I found the answer; actually, it was conflicting with the 32-bit version. Thanks for your help.
I'm not upgrading. This is the first time I have installed a forwarder on VirtualBox, and I'm trying to send some data to my host system. I'm running Splunk as the root user.
Thanks
Interesting error to see in that case.
Based on the cpio read fail, I would download it again. Did you use wget?
No, I didn't use wget. First I downloaded the tar gz file, but it gave an error. Since I'm using Red Hat Linux, I later downloaded the RPM file. I'm trying to install this on VirtualBox, and I was unable to connect to the internet from VirtualBox; that's the reason why I downloaded it instead of using "wget".
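For the re-download suggested in the thread, a package copied into a VM by hand can be checked before `rpm -i` or `tar -x` ever touches `/opt`. The script below is an added example, not code from any poster or from Splunk; the function names and the expected digest (taken from the vendor's download page or computed on the machine that fetched the file) are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded forwarder package before installing it.
# EXPECTED_SHA256 is an assumption: the digest from the vendor's download
# page, or one computed on the host that originally fetched the file.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_package FILE EXPECTED_SHA256
# Returns 0 = OK, 1 = unreadable file, 2 = digest mismatch, 3 = damaged archive.
verify_package() {
    vp_file=$1
    vp_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$vp_file" ] || { echo "cannot read $vp_file" >&2; return 1; }

    # Structural check first: a truncated or damaged transfer fails here
    # instead of half-way through unpacking into /opt.
    case $vp_file in
        *.tgz|*.tar.gz)
            tar -tzf "$vp_file" >/dev/null 2>&1 || {
                echo "$vp_file: archive is truncated or corrupt" >&2; return 3; } ;;
        *.rpm)
            # Digest-only check; verifying the signature as well requires the
            # vendor's public key to be imported (the NOKEY warning).
            rpm -K --nosignature "$vp_file" >/dev/null 2>&1 || {
                echo "$vp_file: rpm digests do not verify" >&2; return 3; } ;;
    esac

    vp_have=$(sha256_of "$vp_file")
    if [ "$vp_have" != "$vp_want" ]; then
        echo "$vp_file: SHA-256 $vp_have does not match expected value" >&2
        return 2
    fi
    echo "$vp_file: OK"
}

# Stand-alone use: sh verify.sh <package> <expected-sha256>
if [ "$#" -eq 2 ]; then
    verify_package "$1" "$2"
fi
```

Computing the digest on the host and again inside the VM shows whether the file was damaged during the copy or was already bad when downloaded.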