I'm installing Splunk on an Enterprise Linux 6.1 machine.
The Install on Linux instructions talk about a RPM, but don't explain where the RPM is.
A Yum/RPM repository would be helpful in terms of installation, updates and would speed up the deployment of security updates
This would also help with security updates. In our case Splunk doesn't always notify us that there is a security update available and Splunk security updates are not announced via email. If Splunk provided yum & apt repos, then checking for security update could be as simple as
yum check-update splunk or
yum upgrade splunk.
Does Splunk.com provide a Yum/RPM repository for the Splunk application?
HAPPY late 11th Birthday, question #107735 !!
Many happy returns.
In related news, authenticated HTTPS access to yum repos are still a thing since 2005, and easy to set up to back onto any number of authentication and authorization services. There's absolutely no reason why this is technically a challenge, and looking at similar offerings by competitors we know other roadblocks can be overcome.
Let's hope for good news any day now!
We missed the 10th birthday for this one, guys.
I was going to get a cake and everything.
But, no worries, the 11th birthday for this bug is right around the corner!
Silly that this hasn't been addressed in 11 years... lol
You know, after being initially annoyed with lack of a repo as such, I must say that after giving it some thought I don't think it's that much of a problem.
Yes, not having a static (or semi-static) address to download the software from which could be easily incorporated into your script or puppet/ansible/chef/whatever mechanics is a bit frustrating but the repo as such...
Honestly, I wouldn't want my servers to go on and to a yum upgrade just because I have yum-cron set up and there is a new version available. It can make sense in your all-in-one lab installation without any serious data. But in production? What if the new version does introduce some changes which are not fully compatible with your config? What if upgrade fails? Splunk is relatively chatty on upgrade whereas rpm operation should be completely "hands-off". (here a small piece of rant - Microsoft produces worst rpms I've ever seen - they require you to manually accept license during install).
So I don't think that repo as such is that much needed or that it's that good idea at all.
But not having to go through all the hassle with logging in to Splunk's website just to get the download link which you can supply to your wget would be a major help.
I improved the yum repo creation/update script I made:
It's a bash script that uses CURL to determine what files are available on the splunk download site, then
downloads the available packages and uses createrepo to turn them into a valid YUM repo.
It checks/downloads RPMs for :
splunk-enterprise and splunk-universal-forwarder
It also includes an /etc/cron.d/ file that can be used to execute the script every night at 03:00 local time.
Note: You'll have to give it a splunk.com login for it to be able to download the packages from splunk.com.
I think we're up to 7 years and one month (happy late anniversary!) as the response time for this requirement so far, with only a few promises of progress to go by.
Any tangible update?
Happy 8th birthday, question 33933 !
It's been 96 months since you were first recorded.
And while the RPM technology hasn't changed significantly in 21 years, it's still a really big challenge.
Hang in there, question 33933 !
happy 9th bday!
seriously though... c'mon splunk
I agree. There is no valid reason in 2018/2019 to not have a package repository. They are a major software vendor, it's inexcusable.
2 months later.
Have they published a proper repo yet?
A software repo with automatic updates is a tiny, tiny bit of what makes an 'Enterprise' company an Enterprise company, and it's valuable for so many reasons that we all should understand by now. Even if we're using Puppet (chef for us) to manage config, config management doesn't magically absolve sysadmins from the need to be adequate -- and installable artifacts (Hi BruceJackson) are best-practice for a very, very good reason.
I think everyone here wants Splunk to be awesome -- for some of us starting this journey, we've been told so many great things. I'm hoping they've published a repo and just forgotten to update this particular thread, so if anyone found one can you show me where I overlooked it?
Still working on this internally. Hope to have a response soon.
amiracle could you please provide us all an update? Even if your work didn't go anywhere it would be helpful to have closure.
The latest update I can give is that I'm working with our IT organization to establish the repo and will post more updates as I get closer to having this done.
It's been another two months. Do you think this is likely to happen or is it just too hard internally?
3 months later (76 months overall). Any updates?
Right now, Splunk is considered Not Enterprise Capable due to the broken update stream.
"Day 2" problems are important in the Enterprise.
81 months total. Any luck this is our lucky month?
While this is not the answer you are looking for, we are working through this to have a solution. PM me if you have any requirements / requests so I can bring them up on our internal meetings.
@amiracle I can't speak for @bishopolis but I expect most of us simply want Splunk to post public repos with Splunk software in RPM and DEB formats.
That way we can set up our automated mirrors/satellite to obtain the latest Splunk version and even patch Universal Forwarders without any human input.
Most other software we using in our Linux environment doesn't require us to manually log in and download updates every month (or so).
Very well stated. That is all we are looking for as well. Thanks!