Splunk Enterprise

How to start an installed forwarder on my Pi Zero?

dr5mn
Explorer

Hi all

My first post on this Community. I am a veteran of another BI tool that starts with a Q, and very keen to learn new tools and play with new toys!

I scanned the community but could not find a relevant answer, so please forgive if this is not a new subject.

I installed a forwarder on my Pi Zero, but cannot start it. Downloaded the ARM version with

sudo wget -O splunkforwarder-8.2.5-77015bc7a462-Linux-armv8.tgz "https://download.splunk.com/products/universalforwarder/releases/8.2.5/linux/splunkforwarder-8.2.5-7..."

Then untarred it:

sudo tar -xvzf splunkforwarder-8.2.5-77015bc7a462-Linux-armv8.tgz

Then tried to start:

sudo ./splunk start --accept-license

I just get this weird error message. No idea how to proceed.

dr5mn_0-1648057710910.png
0 Karma
1 Solution

PickleRick
Ultra Champion

You downloaded an ARMv8 version of the UF package whereas Pi Zero is based on ARMv6 hardware if I remember correctly. I don't think there's a (relatively modern) version of UF available for ARMv6.

If you want to gather logs from this system you should rather use some syslog daemon to send the events to tcp or udp input on your indexer/forwarder.


dr5mn
Explorer

Thanks. Would like some examples of "some syslog daemon" 🙂 

0 Karma

PickleRick
Ultra Champion

If I see correctly, it looks like Raspbian.

It should provide both syslog-ng as well as rsyslog. Use whichever you like. 😉

But seriously - they differ a bit in more sophisticated functionality and advanced configuration syntax, but for a simple use case of forwarding system logs to an external collector they should be equally good.

0 Karma
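
The syslog route suggested above, as an added example that is not from any poster in this thread: a script that prints an rsyslog forwarding rule for the Pi and the matching network input stanza for Splunk's inputs.conf. The collector address 192.0.2.10, the Pi address 192.0.2.20, port 5514, the queue name fwd_splunk and the drop-in file name are all assumptions.

```shell
#!/bin/sh
# Added example. Collector address 192.0.2.10, port 5514 and the Pi address
# 192.0.2.20 are constructed placeholders, not values from the thread.

# Print an rsyslog drop-in that forwards every local message to the collector.
# $1 = collector host, $2 = port, $3 = tcp|udp
rsyslog_forward_conf() {
    host=$1 port=$2 proto=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    printf '*.* action(type="omfwd" target="%s" port="%s" protocol="%s"' \
        "$host" "$port" "$proto"
    if [ "$proto" = tcp ]; then
        # TCP only: queue in memory, spill to disk, and retry forever so
        # events survive a collector restart instead of being dropped.
        printf '\n    queue.type="LinkedList" queue.filename="fwd_splunk"'
        printf '\n    queue.saveOnShutdown="on" action.resumeRetryCount="-1"'
    fi
    printf ')\n'
}

# Print the matching Splunk inputs.conf stanza for the receiving side.
# $1 = port, $2 = tcp|udp, $3 = sender address allowed to connect
splunk_input_stanza() {
    printf '[%s://%s]\n' "$2" "$1"
    printf 'sourcetype = syslog\n'
    printf 'connection_host = ip\n'
    # Plain syslog is unauthenticated: accept events from the Pi only.
    printf 'acceptFrom = %s\n' "$3"
}

# On the Pi (validate with "rsyslogd -N1", then restart rsyslog):
#   rsyslog_forward_conf 192.0.2.10 5514 tcp | sudo tee /etc/rsyslog.d/60-splunk.conf
# On the Splunk side, add the stanza to inputs.conf and restart Splunk.
rsyslog_forward_conf 192.0.2.10 5514 tcp
splunk_input_stanza 5514 tcp 192.0.2.20
```

Plain TCP or UDP syslog is sent in cleartext, so the acceptFrom restriction limits who can inject events but does not protect them in transit.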
