Additionally, here is a blog post to help with using a repo server and installing splunk binaries: http://www.rfaircloth.com/2017/03/07/automating-splunk-deployment-redhatcentos-poor-mans-edition/

cp splunkforwarder*.rpm /opt/splunkrepo

Here's where that post skips over the part we want, but does add some flash and finish we can figure ourselves.

This only solves a minor part of the problem. People asking for a YUM repo mostly aren't asking because they want to install updates direct from a YUM repository, but because we want an easy sync source for our own pre-existing internal YUM repos that takes the human factor out of checking the main site by hand for updated packages, downloading them and re-publishing them internally. With Satellite or Pulp, all that would happen automatically based on pre-defined sync and publish rules.

Splunk is currently the ONLY vendor I have to do this archaic nonsense by hand with still. Everything else is synced automatically overnight into Satellite and pre-defined rules specify the workflow from there.

But, don't you feel safer knowing that Exhibit A, line 17 is protecting Freedom, Heros, and Apple Pie? 😉

No change, AFAIK.

Splunk engineers tell me the assumption is that people are using 3rd party products (i.e. Puppet). That's fine if you have staff to support that. But we're just a "medium" sized organization so I'm facing about 1,000 systems (and separate sys-admin groups all doing their own thing) to update manually (i.e. no Puppet). All because Splunk lawyers feel it's necessary for us to acknowledge the freakin' license agreement after every update. After seeing enough of their presentations with that retarded first slide they always put up ("Disclaimer...!") I'm not surprised. Do I sound bitter about this? 'cause I am...

This could be a great way to keep eg forwarders up to date if not the search head/indexers.