- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Running splunk on Rocky Linux distro
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have used CentOS on some of our splunk servers and now that it has End of Life on December 31, 2021. We are looking to rebuild the servers with a new OS. The new standard from our linux team is Rocky. Since Rocky is a relatively new distro we do not have any experience running splunk on this OS. Is there anyone out there that has that experience and can share?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I created a case with splunk, and they said as long as the kernel version in unix/linux is supported in System requirements for use of Splunk Enterprise on-premises - Splunk Documentation there should not be any problem. Rocky is supported on their side.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not running splunk on Rocky (yet) but migrated recently some other servers from CentOS to Rocky and I don't see why splunk shouldn't work on Rocky.
After all, splunk only relies on minimal kernel version and that's mostly it. It runs on RH/CentOS, SuSE, Debian... Why shouldn't it run on Rocky?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The crux for me is not necessarily if it runs(as it should) but if my environment will still be fully supported if I migrate my systems to Rocky.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd say that https://docs.splunk.com/Documentation/Splunk/8.2.4/Installation/Systemrequirements#Supported_Operati... doesn't say anything about specific distributons so it should be supported.
However, workload mangement does https://docs.splunk.com/Documentation/Splunk/8.2.4/Workloads/Requirements even though Rocky is virtually identical to RH.
Since we're surely talking about Splunk Enterprise, not Splunk Free, I'd simply file a support case and explicitly ask Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I created a case with splunk, and they said as long as the kernel version in unix/linux is supported in System requirements for use of Splunk Enterprise on-premises - Splunk Documentation there should not be any problem. Rocky is supported on their side.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Do you have experience with Splunk - Rocky Linux since that?
We should migrate our Centos7 soon and one of the candidates is Rocky 9. But the system requirements page https://docs.splunk.com/Documentation/Splunk/9.2.0/Installation/Systemrequirements does not list its kernel version (5.14) anymore. (same for RHEL)
I believe it will work, but since I need to migrate a physical production server, I want to reduce the risk as much as I can...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm really interested to hear on this as well.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
