Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to start an installed forwarder on my Pi Zero?

dr5mn
Explorer
‎03-23-2022 10:53 AM

Hi all

 

My first post on this Community. I am a veteran of another BI tool that starts with a Q, and very keen to learn new tools and play with new toys!

 

I scanned on community but could not find a relevant answer, so please forgive if this is not a new subject.

 

I installed a forwarder on my Pi Zero, but cannot start it. Downloaded the ARM version with 

sudo wget -O splunkforwarder-8.2.5-77015bc7a462-Linux-armv8.tgz "https://download.splunk.com/products/universalforwarder/releases/8.2.5/linux/splunkforwarder-8.2.5-7..."

 

Then untarred it:

sudo tar -xvzf splunkforwarder-8.2.5-77015bc7a462-Linux-armv8.tgz

 

Then tried to start:

sudo ./splunk start --accept-license

I just get this weird error message. No idea how to proceed.

dr5mn_0-1648057710910.png

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎03-23-2022 11:49 AM

You downloaded a ARMv8 version of the UF package whereas Pi Zero is based on ARMv6 hardware if I remember correctly. I don't think there's a (relatively modern) version of UF available for ARMv6.

If you want to gather logs from this system you should rather use some syslog daemon to send the events to tcp or udp input on your indexer/forwarder.

View solution in original post

Reply
Solved! Jump to solution

dr5mn
Explorer
‎03-23-2022 01:11 PM

Thanks. Would like some examples of "some syslog daemon" 🙂 

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎03-23-2022 01:22 PM

If I see correctly, it looks like raspbian.

It should provide both syslog-ng as well as rsyslog. Use whichever you like. 😉

But seriously - they differ a bit in more sophisticated functionality and advanced configuration syntax but for a simple use case of forwarding system logs to external collector they should be equally good.

0 Karma
Reply
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎03-23-2022 11:49 AM

You downloaded a ARMv8 version of the UF package whereas Pi Zero is based on ARMv6 hardware if I remember correctly. I don't think there's a (relatively modern) version of UF available for ARMv6.

If you want to gather logs from this system you should rather use some syslog daemon to send the events to tcp or udp input on your indexer/forwarder.

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...