Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Scripting to Download UniversalForwarder- What URL and header information syntax for login do I need?

klint
Engager
‎05-23-2023 09:34 PM

Hi,

I work for a company that has Splunk used on Servers. it is governed by a main team, however the installation of Universal Forwarder is up to the individual teams, as a result, the version needs update from time to time.

I am in the process of automating all software version downloads the platform I maintain uses and was wondering if there is a known way to connect with the splunk site and download the latest version of UniversalForwarded via script. I use powershell but could try translate other scripts if there is a method. 

any info on URL and any header information syntax for login I need is appreciated

Thank you

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-23-2023 10:16 PM

Hi @klint ,

if you're speaking of windows servers, you can use GPO to deploy UF updates from a copy that you downloaded from the Splunk Site.

If you're speaking of Linux servers, you have to use a script that you can find in the Community always downloading from a copy from the Splunk Site..

At the moment, there isn't a procedure or a tool released by Splunk to update a Forwarder directly from the Splunk site.

There are two apps developed by Community members to update UF using the Deployment Server, in the meantime Splunk is releasing the feature of updating the UF directly from Deployment Server and it will be released if few time (I hope!), for more infos you can see at Splunk Ideas.

Ciao.

Giuseppe

0 Karma
Reply

klint
Engager
‎05-23-2023 10:47 PM

Thanks for getting back to me Giuseppe

What you have said would work for installing but that still requires me to download the copy every month. I am hoping for an automated solution to download it every month so i can leave it to an automated process .

Trying to automate as much as possible and remove manual work

 

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-23-2023 10:57 PM

Hi @klint ,

No there isn't an automation to download the latest version of UF, also beacuse the UF update is usually an activity to manualy do, to have a greater control.

You could propose this to Splunk Ideas.

Ciao.

Giuseppe

Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-24-2023 01:34 AM

Hi

I think that this https://github.com/ryanadler/downloadSplunk can help you with your journey to automatic load needed splunk version.

r. Ismo

Reply

RMcCurdyDOTcom
Explorer
‎01-29-2024 08:50 AM

 

got nasty gram for posting links

search online for freeload101 github in scripts Splunk_UniversalForwarder_Installer.bash

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...