How to start an installed forwarder on my Pi Zero?

dr5mn
Explorer

Hi all

My first post on this Community. I am a veteran of another BI tool that starts with a Q, and very keen to learn new tools and play with new toys!

I scanned the community but could not find a relevant answer, so please forgive if this is not a new subject.

I installed a forwarder on my Pi Zero, but cannot start it. Downloaded the ARM version with

sudo wget -O splunkforwarder-8.2.5-77015bc7a462-Linux-armv8.tgz "https://download.splunk.com/products/universalforwarder/releases/8.2.5/linux/splunkforwarder-8.2.5-7..."

Then untarred it:

sudo tar -xvzf splunkforwarder-8.2.5-77015bc7a462-Linux-armv8.tgz

Then tried to start:

sudo ./splunk start --accept-license

I just get this weird error message. No idea how to proceed.

[Attached screenshot: dr5mn_0-1648057710910.png]

0 Karma
1 Solution

PickleRick
SplunkTrust

You downloaded an ARMv8 version of the UF package whereas Pi Zero is based on ARMv6 hardware if I remember correctly. I don't think there's a (relatively modern) version of UF available for ARMv6.

If you want to gather logs from this system you should rather use some syslog daemon to send the events to tcp or udp input on your indexer/forwarder.


dr5mn
Explorer

Thanks. Would like some examples of "some syslog daemon" 🙂 

0 Karma

PickleRick
SplunkTrust

If I see correctly, it looks like Raspbian.

It should provide both syslog-ng as well as rsyslog. Use whichever you like. 😉

But seriously - they differ a bit in more sophisticated functionality and advanced configuration syntax but for a simple use case of forwarding system logs to an external collector they should be equally good.

0 Karma
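
The architecture mismatch named in the accepted answer can be checked before starting a downloaded binary. The script below is an added example, not code from the thread or from Splunk: it reads the ELF header of a file and compares the CPU family it targets with the host's `uname -m`. The function names are hypothetical, and it assumes a Pi Zero reports `armv6l`.

```bash
# Added example: compare the CPU family an ELF binary targets with the host.

# Print the architecture recorded in the ELF header of file $1.
elf_arch() {
    local file="$1" magic class machine
    # Bytes 0-3 are the magic number 7f 'E' 'L' 'F'.
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    # Byte 4 (EI_CLASS): 01 = 32-bit, 02 = 64-bit.
    class=$(od -An -tx1 -j4 -N1 "$file" | tr -d ' \n')
    # Bytes 18-19 (e_machine), read as little-endian (Linux on ARM and x86).
    machine=$(od -An -tx1 -j18 -N2 "$file" | tr -d ' \n')
    case "$class:$machine" in
        01:2800) echo "arm32" ;;     # EM_ARM (0x28)
        02:b700) echo "aarch64" ;;   # EM_AARCH64 (0xb7)
        01:0300) echo "i386" ;;      # EM_386 (0x03)
        02:3e00) echo "x86_64" ;;    # EM_X86_64 (0x3e)
        *)       echo "unknown" ;;
    esac
}

# Map a `uname -m` string ($1, default: this host) to the same names.
# Assumption: a Pi Zero reports armv6l.
host_arch() {
    case "${1:-$(uname -m)}" in
        armv6l|armv7l) echo "arm32" ;;
        aarch64|arm64) echo "aarch64" ;;
        i386|i686)     echo "i386" ;;
        x86_64|amd64)  echo "x86_64" ;;
        *)             echo "unknown" ;;
    esac
}

# check_binary FILE [UNAME_M]: return 0 if FILE targets the host's family.
# A match on "arm32" is necessary but not sufficient: e_machine does not
# say whether the code was built for ARMv6 or ARMv7.
check_binary() {
    local bin sys
    bin=$(elf_arch "$1") || true
    sys=$(host_arch "${2:-}")
    if [ "$bin" != "unknown" ] && [ "$bin" = "$sys" ]; then
        echo "ok: $1 is $bin, host is $sys"
    else
        echo "mismatch: $1 is $bin, host is $sys"
        return 1
    fi
}

if [ "$#" -ge 1 ]; then check_binary "$@"; fi
```

Saved under any file name and given the path to the extracted `splunk` binary as its argument, it prints a mismatch line and exits non-zero when the binary is AArch64 and the host is 32-bit ARM.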
