Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Using Ansible to Install Splunk

mfaine
Explorer
‎10-14-2021 09:22 AM

I use Ansible to install and configure Splunk Universal Forwarder on multiple servers.  However, it's difficult to maintain a link to the product, the links are not consistent and contain unpredictable data, such as the git commit for the version.  Is there a link that would allow me to generate a link dynamically only knowing non-changing properties of the download or predictable values, such as version, platform, package type, etc.  For example:

"https://download.splunk.com/products/universalforwarder/releases/{{ splunk_version }}/linux/splunkforwarder-{{ splunk_version }}-{{ splunk_os }}-{{ splunk_arch }}.{{ splunk_pkg }}"

or to get the latest version something simple like:

https://download.splunk.com/products/universalforwarder/releases/latest

 

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-14-2021 10:14 AM

I advise against having automation reach out to Splunk for software.  Doing so requires authentication runs the risk of installing different versions depending on when Splunk pushes out a version.  Instead, download the desired code to a local server and have Ansible use the local copy.

---
If this reply helps you, Karma would be appreciated.
Reply

mfaine
Explorer
‎10-14-2021 12:08 PM

Not really the best way to do it but I would still need the same predictable link even I did as you suggest.   It would not install the wrong version if I specified in the link the version that I wanted.  In other words, if it worked as I am describing that would not happen.  Also, no authentication is needed, at least it hasn't been for me so far.

0 Karma
Reply

Stefanie
Builder
‎10-14-2021 09:48 AM

It would probably be easier to host that msi on a server that multiple hosts can reach. Then, update the forwarder msi as often as you need to (weekly, monthly, etc).

Reply

mfaine
Explorer
‎10-14-2021 12:09 PM

The entire point is to be able to do it in a way that does not require any maintenance on my end.  The best way to achieve this would be an RPM repo, but no, I guess Splunk doesn't want to support their customers.   Failing that, they should at least provide a stable link to the download.

0 Karma
Reply

Stefanie
Builder
‎10-14-2021 12:54 PM

Unfortunately Splunk does not support that option. Most people would not like that option either. However you are more than welcome to submit that to Splunk to provide this feature in the future. https://ideas.splunk.com/ 

I've been using the same msi for a few months now. It's not always the best thing to install the most up-to-date version of an application for every single server that gets spun up going forward. Unexpected things happen, and upgrading can be an issue, not to mention having to track those versions. 

The version of Splunk forwarder supports Splunk for a while. We had to upgrade some of our servers running version 6 of the Forwarding software for the Splunk Enterprise 8.0 release.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...