Installation

Im getting an error when im trying uncommpress the forwarder installation file ...

raghu0463
Explorer

when I'm running this command from root user :

@localhost Forwarder]# rpm -i splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64.rpm

I'm getting this warning and error

warning: splunkforwarder -6.6.2 -4b804538c686-linux-2.6-x86_64.rpm: Header V4 DSA/SHAI Signature, key ID 653fb112: NOKEY

this looks like an upgrade of an existing splunk server. Attempting to stop the installed Splunk Server...
splunkd is not running.

error :unpacking of archive failed on file /opt/splunkforwarder/bin/splunkd;596b7afc: cpio: read
error: splunkforwarder -6.6.2 -4b804538c686-linux-2.6-x86_64: install failed

Tags (1)
0 Karma
1 Solution

skoelpin
SplunkTrust
SplunkTrust

You should try using the tar gz file rather than the RPM.

Step 1. Verify Splunk is not installed on the machine
ps -ef | grep splunk*
ls -la /opt

Step 2.
Use a WGET to download the Splunk forwarder
wget -O splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.2&product=universalforwarder&filename=splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz&wget=true'

Step 3.
Create Splunk user
# useradd -m splunk -p passwd1

Step 4.
Unzip
# tar -xzvf splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz -C /opt

Step 5.
Change ownership to Splunk
# chown splunk:splunk /opt/splunkforwarder

Step 6.
Login as Splunk user
su splunk

Step 7.
Start Splunkforwarder
$ /opt/splunkforwarder/bin/splunk start --accept-license

View solution in original post

skoelpin
SplunkTrust
SplunkTrust

You should try using the tar gz file rather than the RPM.

Step 1. Verify Splunk is not installed on the machine
ps -ef | grep splunk*
ls -la /opt

Step 2.
Use a WGET to download the Splunk forwarder
wget -O splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.2&product=universalforwarder&filename=splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz&wget=true'

Step 3.
Create Splunk user
# useradd -m splunk -p passwd1

Step 4.
Unzip
# tar -xzvf splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz -C /opt

Step 5.
Change ownership to Splunk
# chown splunk:splunk /opt/splunkforwarder

Step 6.
Login as Splunk user
su splunk

Step 7.
Start Splunkforwarder
$ /opt/splunkforwarder/bin/splunk start --accept-license

raghu0463
Explorer

Hello Skoelpin,

Your explanation was good, but I didn't understand what Is the use of creating a user ? and can we create a user on splunk forwarder or you mean to create user where the splunk enterprise is installed?

Thanks

0 Karma

raghu0463
Explorer

I have installed Redhat version, will It be okay If I download and install tar gz file rather than the RPM file ?

0 Karma

raghu0463
Explorer

I think this video will help a bit for the beginners to install universal forwarder but the problem is, video is not in English, but I think we can understand by the commands ...

https://www.youtube.com/watch?v=ETsTUma6cOU

0 Karma

mattymo
Splunk Employee
Splunk Employee

are you in fact upgrading?

if so, docs says rpm -u fwiw, also are you stopping Splunk first?
http://docs.splunk.com/Documentation/Splunk/6.6.2/installation/Upgradeto6.6onUNIX

also are you looking to run splunk as root or as some other user?

- MattyMo
0 Karma

raghu0463
Explorer

If found the answer, actually it was conflicting with the 32 bit version..Thanks for your help

0 Karma

raghu0463
Explorer

I'm not upgrading, this is the first time i have installed forwarder on virtual box and trying to send some data to my host system, I'm running splunk as root user

Thanks

0 Karma

mattymo
Splunk Employee
Splunk Employee

interesting error to see in that case.

Based on the cpio read fail, i would download it again. did you use wget?

- MattyMo
0 Karma

raghu0463
Explorer

No I didn't use wget, first I downloaded . tar gz file but it gave an error, as I thought I'm using Linux redhat so later I downloaded RPM file. and I'm trying to install this on virtual box and I was unable to connect to internet from virtual box that's the reason why I downloaded instead of using "wget".

0 Karma
Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...