How can I install Splunk universal forwarder on Linux?

Linux Install: Should be done as root.
Download installation files from: https://uofi.box.com/v/splunk
 
Splunk Doc:

Create the Splunk user & group

  1. useradd -m splunk

Download & install Splunk Universal Forwarder

  1. mkdir /opt/splunkforwarder
  2. rpm -i /tmp/splunkforwarder-9.0.3-dd0128b1f8cd-linux-2.6-x86_64.rpm 
  3. /opt/splunkforwarder/bin/splunk start --accept-license
Output:
 

Make sure the splunk directory and everything under it is owned by the splunk user and group. If not, run this command:

chown -R splunk:splunk /opt/splunkforwarder

 

Enable the Universal Forwarder to start on boot

/opt/splunkforwarder/bin/splunk enable boot-start -systemd-managed 0

 

Configuring the Deployment Server:

/opt/splunkforwarder/bin/splunk set deploy-poll deployment.splunk.uic.edu:8089

 

Restart the Universal Forwarder. It should begin connecting to the deployment server shortly after the restart is complete.

/opt/splunkforwarder/bin/splunk restart

 

Verify the service is running as the splunk user:

ps -ef | grep splunk

 

Configure Firewall Rules

Make sure the firewall allows traffic to 8089/tcp on splunk-deployment.server.uic.edu (131.193.68.94) and to inputs1.illinoischicago.splunkcloud.com:9997 through inputs15.illinoischicago.splunkcloud.com:9997.
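
The ownership check and the `ps -ef | grep splunk` check above can be scripted as pass/fail functions. This is an added example, not part of the original article: the function names and the sample ps text are constructed, and it assumes the /opt/splunkforwarder path and the splunk account from the steps above.

```shell
#!/bin/sh
# Added example: post-install checks for the forwarder steps on this page.

# Constructed sample in "ps -eo user=,args=" format (not real output).
SAMPLE_PS='root     /usr/sbin/sshd -D
splunk   splunkd -p 8089 restart
splunk   [splunkd pid=2113] splunkd -p 8089 restart [process-runner]'

# Print splunkd processes in $1 (ps text) whose owner is not $2.
# Returns 0 = all owned by $2, 1 = wrong owner found, 2 = splunkd not running.
check_splunkd_owner() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $2 ~ /splunkd/ { seen = 1; if ($1 != want) { bad = 1; print } }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Print every path under $1 that is not owned by user $2 and group $3.
# Empty output means the chown step is not needed.
list_wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Run both checks on a live host: verify_forwarder [home] [user]
verify_forwarder() {
    home=${1:-/opt/splunkforwarder} user=${2:-splunk} rc=0
    wrong=$(list_wrong_owner "$home" "$user" "$user") || rc=1
    if [ -n "$wrong" ]; then
        echo "not owned by $user:$user (fix with chown -R):"; echo "$wrong"; rc=1
    fi
    check_splunkd_owner "$(ps -eo user=,args=)" "$user" || {
        echo "splunkd is not running, or not running as $user"; rc=1; }
    return "$rc"
}

# Demo on the constructed sample; on a real host call verify_forwarder instead.
if check_splunkd_owner "$SAMPLE_PS" splunk; then echo "sample: OK"; fi
```

A non-zero return from `verify_forwarder` after the restart step means the forwarder is down, running under another account such as root, or has files the splunk user does not own.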
 

Details

Article ID: 879
Created: Fri 1/15/21 6:12 PM
Modified: Mon 12/4/23 12:04 PM
