Many people get stuck when they try to install the Splunk Universal Forwarder on Linux. Here is the ultimate guide to installing and configuring it the easy way.
I will show you the most straightforward method to install the Splunk Universal Forwarder on Linux. Follow me step by step, and you will be all set.
Note: There are three methods to set up and configure it. Go for the one that suits you and your system best.
- You can use a .tar file.
- Also, you can go for a .deb file.
- The last option is a .rpm file.
This article will show you how to install the Splunk Universal Forwarder on Ubuntu, which is a Debian-based Linux distribution.
Step 1: Download and Install Splunk Universal Forwarder Linux.
In the first step, download the setup file from the given link.
Click here to download: Splunk Universal Forwarder Linux
Go to this link, select Linux, and proceed further.
Check your system first so you know which package is right for you. I am going for the 64-bit .deb version.
This link will redirect you to the download page. It will ask you to sign up, which is compulsory. Sign up and log in to download your desired product. The download will take some time depending on your internet speed.
Step 2: Open the Shell to type commands.
Now type commands in the shell and browse the installation folder.
To begin the installation, type the below command in the shell.
"sudo tar -xvf filename.tgz -C /opt/"
Now type the command below in the shell to enable boot-start.
"/opt/splunkforwarder/bin/splunk enable boot-start --accept-license"
Step 3: Enable the connection with the indexer.
Now type the command below to enable the connection with the indexer.
"/opt/splunkforwarder/bin/splunk add forward-server hostname.domain:9997"
This command generates outputs.conf in the /opt/splunkforwarder/etc/system/local folder.
Step 4: Test your connection by using this command.
Now use the command below to test the connection, because you need to confirm the forwarder can reach the indexer before going further.
"/opt/splunkforwarder/bin/splunk list forward-server"
Step 5: Start the Splunk forwarder.
Now, type this Command to start the Splunk forwarder.
Important Note: Always remember that in the forwarder the user is “admin” by default, and the password is “changeme” by default.
Keep these important notes in mind so you can continue without getting stuck.
Step 6: Add a new input through the command line.
In the last step, use the command below to add a new input.
"/opt/splunkforwarder/bin/splunk add monitor /path/to/app/logs/"
Congrats, you have installed and configured Splunk Universal Forwarder Linux successfully.
After installation of Splunk Universal Forwarder Linux
Once the installation is successful, you can launch it. The first time you launch it, you have to accept the terms and conditions and the license agreement.
Type y to accept the license agreement. Now you are all set up. Start the forwarder.
If you want to check that the forwarder is running successfully, type the command below to verify it.
sudo ./splunk status
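As a further post-install check, this added example (not from the original article or from Splunk) reads the outputs.conf that Step 3 generates and flags any forwarding target that is malformed or not on your list of expected indexers. The stanza layout in the sample and the address 203.0.113.10 are constructed assumptions; on a real host, point the function at /opt/splunkforwarder/etc/system/local/outputs.conf.

```shell
#!/usr/bin/env bash
# Added example: audit the indexers written to outputs.conf by "add forward-server".
# Print each host:port on "server = ..." lines inside [tcpout:<group>] stanzas.
list_forward_targets() {
    awk '
        /^[ \t]*#/  { next }                                   # skip comment lines
        /^[ \t]*\[/ { in_group = ($0 ~ /^[ \t]*\[tcpout:/); next }
        in_group && /^[ \t]*server[ \t]*=/ {
            sub(/^[^=]*=/, "")                                 # keep the value only
            n = split($0, parts, ",")                          # comma-separated targets
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' "$1"
}

# Flag targets that are malformed or not in the allow-list ($2 onward).
# Returns 0 only when every target is well-formed and expected.
audit_forward_targets() {
    aft_conf=$1; shift; aft_rc=0
    aft_targets=$(list_forward_targets "$aft_conf")
    [ -n "$aft_targets" ] || { echo "NO_TARGETS $aft_conf"; return 1; }
    for aft_t in $aft_targets; do
        case "$aft_t" in *:*) ;; *) echo "BAD_FORMAT $aft_t"; aft_rc=1; continue ;; esac
        case "${aft_t##*:}" in ''|*[!0-9]*) echo "BAD_PORT $aft_t"; aft_rc=1; continue ;; esac
        aft_ok=0
        for aft_allowed in "$@"; do
            if [ "$aft_t" = "$aft_allowed" ]; then aft_ok=1; fi
        done
        if [ "$aft_ok" -ne 1 ]; then echo "UNEXPECTED $aft_t"; aft_rc=1; fi
    done
    return "$aft_rc"
}

# Constructed sample: assumed layout of the generated file, plus one extra target.
write_sample_outputs_conf() {
    cat > "$1" <<'EOF'
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = hostname.domain:9997, 203.0.113.10:9997

[tcpout-server://hostname.domain:9997]
EOF
}

sample=$(mktemp) && write_sample_outputs_conf "$sample"
audit_forward_targets "$sample" hostname.domain:9997 || echo "review outputs.conf"
rm -f "$sample"
```

An UNEXPECTED line means the forwarder is configured to send logs somewhere you did not list, which is worth resolving before you add inputs.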
About Splunk Universal Forwarder Linux
There are a lot of benefits to using Splunk. It provides reliability and secures your data. When data is collected from remote sources and sent to Splunk, Splunk can index and consolidate it.
You can scale a lot of remote systems and collect terabytes of data by using the power of Splunk.
Hopefully, this tutorial has helped you get started with Splunk Universal Forwarder Linux.