Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a yum/rpm repo for Splunk?

stefanlasiewski
Contributor
‎11-08-2011 04:29 PM

I'm installing Splunk on an Enterprise Linux 6.1 machine.

The Install on Linux instructions talk about a RPM, but don't explain where the RPM is.

A Yum/RPM repository would be helpful in terms of installation, updates and would speed up the deployment of security updates

This would also help with security updates. In our case Splunk doesn't always notify us that there is a security update available and Splunk security updates are not announced via email. If Splunk provided yum & apt repos, then checking for security update could be as simple as yum check-update splunk or yum upgrade splunk.

Does Splunk.com provide a Yum/RPM repository for the Splunk application?

Tags (3)
Reply

bishopolis
Path Finder
‎11-16-2022 03:43 PM

HAPPY  late 11th Birthday, question #107735 !!  

Many happy returns.

In related news, authenticated HTTPS access to yum repos are still a thing since 2005, and easy to set up to back onto any number of authentication and authorization services.  There's absolutely no reason why this is technically a challenge, and looking at similar offerings by competitors we know other roadblocks can be overcome.

Let's hope for good news any day now!


Reply

bishopolis
Path Finder
‎07-10-2022 02:47 PM

We missed the 10th birthday for this one, guys.

I was going to get a cake and everything.

But, no worries, the 11th birthday for this bug is right around the corner!

Reply

wduckett
Loves-to-Learn Lots
‎07-21-2022 04:05 PM

Silly that this hasn't been addressed in 11 years... lol

0 Karma
Reply

PickleRick
Ultra Champion
‎07-22-2022 12:42 AM

You know, after being initially annoyed with lack of a repo as such, I must say that after giving it some thought I don't think it's that much of a problem.

Yes, not having a static (or semi-static) address to download the software from which could be easily incorporated into your script or puppet/ansible/chef/whatever mechanics is a bit frustrating but the repo as such...

Honestly, I wouldn't want my servers to go on and to a yum upgrade just because I have yum-cron set up and there is a new version available. It can make sense in your all-in-one lab installation without any serious data. But in production? What if the new version does introduce some changes which are not fully compatible with your config? What if upgrade fails? Splunk is relatively chatty on upgrade whereas rpm operation should be completely "hands-off". (here a small piece of rant - Microsoft produces worst rpms I've ever seen - they require you to manually accept license during install).

So I don't think that repo as such is that much needed or that it's that good idea at all.

But not having to go through all the hassle with logging in to Splunk's website just to get the download link which you can supply to your wget would be a major help.

0 Karma
Reply

grangerx
Engager
‎02-24-2022 10:10 AM

Hi all,

I improved the yum repo creation/update script I made:

It's a bash script that uses CURL to determine what files are available on the splunk download site, then 
downloads the available packages and uses createrepo to turn them into a valid YUM repo.

It checks/downloads RPMs for :
splunk-enterprise and splunk-universal-forwarder

It also includes an /etc/cron.d/ file that can be used to execute the script every night at 03:00 local time.

https://github.com/grangerx/splunk-yum-repo

Note: You'll have to give it a splunk.com login for it to be able to download the packages from splunk.com.

Tags (4)
Reply

bishopolis
Path Finder
‎12-19-2018 08:18 AM

I think we're up to 7 years and one month (happy late anniversary!) as the response time for this requirement so far, with only a few promises of progress to go by.

Any tangible update?

Reply

bishopolis
Path Finder
‎11-21-2019 07:17 PM

Happy 8th birthday, question 33933 !

It's been 96 months since you were first recorded.

And while the RPM technology hasn't changed significantly in 21 years, it's still a really big challenge.

Hang in there, question 33933 !

Reply

patterc
Path Finder
‎12-02-2020 04:19 PM

happy 9th bday!

 

seriously though... c'mon splunk

Reply

mfaine
Explorer
‎12-19-2018 05:37 AM

I agree. There is no valid reason in 2018/2019 to not have a package repository. They are a major software vendor, it's inexcusable.

Reply

bishopolis
Path Finder
‎12-04-2017 11:29 AM

2 months later.

Have they published a proper repo yet?

A software repo with automatic updates is a tiny, tiny bit of what makes an 'Enterprise' company an Enterprise company, and it's valuable for so many reasons that we all should understand by now. Even if we're using Puppet (chef for us) to manage config, config management doesn't magically absolve sysadmins from the need to be adequate -- and installable artifacts (Hi BruceJackson) are best-practice for a very, very good reason.

I think everyone here wants Splunk to be awesome -- for some of us starting this journey, we've been told so many great things. I'm hoping they've published a repo and just forgotten to update this particular thread, so if anyone found one can you show me where I overlooked it?

Reply

amiracle
Splunk Employee
Splunk Employee
‎12-05-2017 07:35 AM

Still working on this internally. Hope to have a response soon.

Reply

Intermediate
Path Finder
‎05-06-2018 08:17 PM

amiracle could you please provide us all an update? Even if your work didn't go anywhere it would be helpful to have closure.

Reply

amiracle
Splunk Employee
Splunk Employee
‎05-07-2018 03:05 PM

The latest update I can give is that I'm working with our IT organization to establish the repo and will post more updates as I get closer to having this done.

Reply

Intermediate
Path Finder
‎07-09-2018 10:30 PM

Hello,
It's been another two months. Do you think this is likely to happen or is it just too hard internally?

Reply

Intermediate
Path Finder
‎05-08-2018 07:28 PM

Thank you.

0 Karma
Reply

bishopolis
Path Finder
‎03-16-2018 03:25 PM

3 months later (76 months overall). Any updates?

Right now, Splunk is considered Not Enterprise Capable due to the broken update stream.

"Day 2" problems are important in the Enterprise.

Reply

bishopolis
Path Finder
‎08-13-2018 04:00 PM

81 months total. Any luck this is our lucky month?

Reply

amiracle
Splunk Employee
Splunk Employee
‎08-14-2018 07:55 AM

While this is not the answer you are looking for, we are working through this to have a solution. PM me if you have any requirements / requests so I can bring them up on our internal meetings.

Reply

Intermediate
Path Finder
‎10-21-2018 02:56 PM

@amiracle I can't speak for @bishopolis but I expect most of us simply want Splunk to post public repos with Splunk software in RPM and DEB formats.

That way we can set up our automated mirrors/satellite to obtain the latest Splunk version and even patch Universal Forwarders without any human input.

Most other software we using in our Linux environment doesn't require us to manually log in and download updates every month (or so).

Reply

TomRStevenson
Engager
‎09-22-2020 08:36 AM

Very well stated.  That is all we are looking for as well.  Thanks!

Reply
Get Updates on the Splunk Community!

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...