Installation

Running Splunk on Rocky Linux distro

melvinfuglem
Explorer

We have used CentOS on some of our Splunk servers, and now that it has reached End of Life on December 31, 2021, we are looking to rebuild the servers with a new OS. The new standard from our Linux team is Rocky. Since Rocky is a relatively new distro, we do not have any experience running Splunk on this OS. Is there anyone out there who has that experience and can share?

1 Solution

melvinfuglem
Explorer

I created a case with Splunk, and they said as long as the kernel version in Unix/Linux is supported in "System requirements for use of Splunk Enterprise on-premises - Splunk Documentation" there should not be any problem. Rocky is supported on their side.

PickleRick
SplunkTrust

I'm not running Splunk on Rocky (yet), but I recently migrated some other servers from CentOS to Rocky and I don't see why Splunk shouldn't work on Rocky.

After all, Splunk only relies on a minimal kernel version and that's mostly it. It runs on RH/CentOS, SuSE, Debian... Why shouldn't it run on Rocky?

0 Karma

deblaksplunk
Explorer

The crux for me is not necessarily whether it runs (as it should) but whether my environment will still be fully supported if I migrate my systems to Rocky.

0 Karma

PickleRick
SplunkTrust

I'd say that https://docs.splunk.com/Documentation/Splunk/8.2.4/Installation/Systemrequirements#Supported_Operati... doesn't say anything about specific distributions, so it should be supported.

However, workload management does: https://docs.splunk.com/Documentation/Splunk/8.2.4/Workloads/Requirements even though Rocky is virtually identical to RH.

Since we're surely talking about Splunk Enterprise, not Splunk Free, I'd simply file a support case and explicitly ask Splunk.

0 Karma

norbertt911
Communicator

Hello,

Do you have experience with Splunk on Rocky Linux since then?

We should migrate our CentOS 7 soon and one of the candidates is Rocky 9. But the system requirements page https://docs.splunk.com/Documentation/Splunk/9.2.0/Installation/Systemrequirements does not list its kernel version (5.14) anymore (same for RHEL).

I believe it will work, but since I need to migrate a physical production server, I want to reduce the risk as much as I can...

0 Karma

deblaksplunk
Explorer

I'm really interested to hear about this as well.

0 Karma