I'm installing Splunk on an Enterprise Linux 6.1 machine.
The Install on Linux instructions talk about a RPM, but don't explain where the RPM is.
A Yum/RPM repository would be helpful in terms of installation, updates and would speed up the deployment of security updates
This would also help with security updates. In our case Splunk doesn't always notify us that there is a security update available and Splunk security updates are not announced via email. If Splunk provided yum & apt repos, then checking for security update could be as simple as yum check-update splunk
or yum upgrade splunk
.
Does Splunk.com provide a Yum/RPM repository for the Splunk application?
I've done this using automation tools such as Chef, Puppet and Ansible. I also use the tgz files instead of RPM's, more of a preference on my part. That is a more scalable solution since I can control the deployment and the orchestration of the update. I agree that a yum / apt repo would be nice to have and I've asked for it too.
Thanks,
Kam
Additionally, here is a blog post to help with using a repo server and installing splunk binaries: http://www.rfaircloth.com/2017/03/07/automating-splunk-deployment-redhatcentos-poor-mans-edition/
cp splunkforwarder*.rpm /opt/splunkrepo
Here's where that post skips over the part we want, but does add some flash and finish we can figure ourselves.
This only solves a minor part of the problem. People asking for a YUM repo mostly aren't asking because they want to install updates direct from a YUM repository, but because we want an easy sync source for our own pre-existing internal YUM repos that takes the human factor out of checking the main site by hand for updated packages, downloading them and re-publishing them internally. With Satellite or Pulp, all that would happen automatically based on pre-defined sync and publish rules.
Splunk is currently the ONLY vendor I have to do this archaic nonsense by hand with still. Everything else is synced automatically overnight into Satellite and pre-defined rules specify the workflow from there.
But, don't you feel safer knowing that Exhibit A, line 17 is protecting Freedom, Heros, and Apple Pie? 😉
This is a really old thread, but I wonder if there is an update. It would Splunk would have put a repo up by now.
No change, AFAIK.
Splunk engineers tell me the assumption is that people are using 3rd party products (i.e. Puppet). That's fine if you have staff to support that. But we're just a "medium" sized organization so I'm facing about 1,000 systems (and separate sys-admin groups all doing their own thing) to update manually (i.e. no Puppet). All because Splunk lawyers feel it's necessary for us to acknowledge the freakin' license agreement after every update. After seeing enough of their presentations with that retarded first slide they always put up ("Disclaimer...!") I'm not surprised. Do I sound bitter about this? 'cause I am...
Any update on this topic since it was asked at Nov '11?
I am also going to deploy Splunk forwarder on many servers and was wondering how to ensure it is being kept up to date with security updates etc?
Why not support the native Linux software management tools?
This could be a great way to keep eg forwarders up to date if not the search head/indexers.
No, Splunk does not provide a yum/RPM repository. (No deb/apt repository either.) You can select your version of choice from: http://www.splunk.com/download (registration needed to download after you've selected your version).
On the target page for the selected download version, you will also find a link the to the MD5 for that version if you wish to verify the download, along with instructions for getting the file using wget instead of your browser.