Installation

Running splunk on Rocky Linux distro

melvinfuglem
Explorer

We have used CentOS on some of our splunk servers and now that it has End of Life on December 31, 2021. We are looking to rebuild the servers with a new OS. The new standard from our linux team is Rocky.  Since Rocky is a relatively new distro we do not have any experience running splunk on this OS. Is there anyone out there that has that experience and can share?

Labels (1)
1 Solution

melvinfuglem
Explorer

I created a case with splunk, and they said as long as the kernel version in unix/linux is supported in System requirements for use of Splunk Enterprise on-premises - Splunk Documentation there should not be any problem. Rocky is supported on their side.

View solution in original post

PickleRick
Ultra Champion

I'm not running splunk on Rocky (yet) but migrated recently some other servers from CentOS to Rocky and I don't see why splunk shouldn't work on Rocky.

After all, splunk only relies on minimal kernel version and that's mostly it. It runs on RH/CentOS, SuSE, Debian... Why shouldn't it run on Rocky?

0 Karma

deblaksplunk
Explorer

The crux for me is not necessarily if it runs(as it should) but if my environment will still be fully supported if I migrate my systems to Rocky.

0 Karma

PickleRick
Ultra Champion

I'd say that https://docs.splunk.com/Documentation/Splunk/8.2.4/Installation/Systemrequirements#Supported_Operati... doesn't say anything about specific distributons so it should be supported.

However, workload mangement does https://docs.splunk.com/Documentation/Splunk/8.2.4/Workloads/Requirements even though Rocky is virtually identical to RH.

Since we're surely talking about Splunk Enterprise, not Splunk Free, I'd simply file a support case and explicitly ask Splunk.

0 Karma

melvinfuglem
Explorer

I created a case with splunk, and they said as long as the kernel version in unix/linux is supported in System requirements for use of Splunk Enterprise on-premises - Splunk Documentation there should not be any problem. Rocky is supported on their side.

deblaksplunk
Explorer

I'm really interested to hear on this as well. 

0 Karma
Get Updates on the Splunk Community!

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...