Our company operates a fleet of Apple Macs. We would like to automate the deployment and configuration of the Universal Forwarder agent to these Macs via our MDM platform, but there is very little information provided by Splunk on how to automatically configure the MacOS Universal Forwarder to communicate with our Splunk infrastructure. Given the size of the Mac fleet we ideally do not wish to have a technician install and configure the Universal Forwarder on every machine manually.
The only documentation we've been able to locate is what is posted on this Splunk web page: "docs.splunk.com/Documentation/Forwarder/8.0.0/Forwarder/Installanixuniversalforwarder#Install_the_universal_forwarder_on_Mac_OS_X" - which unfortunately does not provide any guidance on automatically applying the custom configuration settings during the install.
For the MSI (Windows) version of the Universal Forward installer there are a number of parameters available, such as 'DEPLOYMENT_SERVER', 'AGREETOLICENSE', 'SPLUNKUSERNAME' and 'SPLUNKPASSWORD' (ref: "docs.splunk.com/Documentation/Forwarder/latest/Forwarder/InstallaWindowsuniversalforwarderfromthecommandline"). Does anyone know if these parameters are also available for the MacOS version of the Universal Forwarder installer ?
If anyone has experience with deploying the Universal Forwarder to a large Mac fleet we'd be keen to hear how you've automated that process. If indeed it is possible to do so...
... View more