useradd -m splunk
mkdir /opt/splunkforwarder
rpm -i /tmp/splunkforwarder-9.2.1-78803f08aabb.x86_64.rpm
/opt/splunkforwarder/bin/splunk start --accept-license
Output:
Make sure the ownership of the splunk directory and everything under it is splunk. If not run this command:
chown -R splunk:splunk /opt/splunkforwarder
/opt/splunkforwarder/bin/splunk enable boot-start -systemd-managed 0
/opt/splunkforwarder/bin/splunk set deploy-poll deployment.splunk.uic.edu:8089
/opt/splunkforwarder/bin/splunk restart
ps -ef | grep splunk