Splunk - Deploy/Upgrade Splunk Universal Forwarder 7.1.3 (Linux)
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1Splunk - Deploy/Upgrade Splunk Light Forwarder 7.1.3 (nix Servers)9/24/2018 5:50:48 PM
2Splunk - Deploy/Upgrade Splunk Universal Forwarder 7.1.3 (Linux)9/24/2018 6:14:29 PM

Description

Deploy Splunk Light Forwarder 7.1.3

This fixlet installs the Splunk Universal Forwarder on most Linux flavors.

The fixlet will ask three questions when deploying:

1. What is the user account that will run the application?

It is recommended by Splunk that the software does not run as root because it could provide a foot-hold in an environment inadvertently. The default user is "splunk" and the account will be created with the fixlet.

2. What is the desired destination for installation?

The default it "/opt".

3. What is the address and port of the deployment server in your environment?

Please request this information from your Splunk administrator before installing or else the forwarder will only be managed locally. If a deployment server is not defined, the value is not configured.


Property Details

ID25549
StatusBeta - Preliminary testing ready for more
TitleSplunk - Deploy/Upgrade Splunk Universal Forwarder 7.1.3 (Linux)
CategorySplunk
Download Size21.59 MB
SourceSplunk
Source Release Date9/24/2015 12:00:00 AM
Keywordssplunk, forwarder, install, linux
Added by on 9/24/2018 6:14:29 PM
Last Modified by on 9/24/2018 6:21:29 PM
Counters 176 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 3 fixlets   * Results in a true/false
Show indented relevance
name of operating system as lowercase contains "linux"
Used in 2 fixlets   * Results in a true/false
Show indented relevance
(not exists folder "/opt/splunkforwarder") OR (if exists folder "/opt/splunkforwarder" then (substring after "=" of line containing "VERSION" of file "splunk.version" of folder "/opt/splunkforwarder/etc") as trimmed string as version < "7.1.3" else true)
Used in 2 fixlets   * Results in a true/false
Show indented relevance
not exists folder "/opt/splunk"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
action parameter query "user" with description "Name of user Splunk will run as." and with default value "splunk"
action parameter query "path" with description "Path of where Splunk will be installed." and with default value "/opt"
action parameter query "ds" with description "Hostname of deployment server and management port. Leave blank for upgrade."

//OS Check
continue if {name of operating system does not contain "Win"}

//Grab installer and configuration files
prefetch splunkforwarder.tgz sha1:66030ce85e2fa1bb4752257d0ee01503d37c0b4c size:22640418 http://download.splunk.com/products/universalforwarder/releases/7.1.3/linux/splunkforwarder-7.1.3-51d9cac7b837-Linux-x86_64.tgz

//Parameter defining the version being upgraded to
parameter "version"="7.1.3"

if {not exists line whose (it starts with (parameter "user" as string)) of file "/etc/shadow"}
wait useradd {parameter "user" as string}
endif

//Stop existing installation of Splunk
if {(exists file "splunkforwarder/bin/splunk" of folder (parameter "path" as string)) OR exists process "splunkd"}
wait service splunk stop
endif

//Install Forwarder
wait tar -zxf {(client folder of current site as string) & "/__Download/splunkforwarder.tgz"} -C {parameter "path" as string}

//Create splunk-launch.conf if needed
//if {if exists folder "splunkforwarder" of folder (parameter "path" as string) then not exists file "splunk-launch.conf" of folder "splunkforwarder/etc" of folder (parameter "path" as string) else true}
//wait cp {parameter "path" as string}/splunkforwarder/etc/splunk-launch.conf.default {parameter "path" as string}/splunkforwarder/etc/splunk-launch.conf
//endif

//Make new user owner of all of the new installation
wait chown -R {parameter "user" as string}:{parameter "user" as string} {parameter "path" as string}/splunkforwarder

//Configure deployment server and start
if {parameter "ds" of action as string is not ""}
wait su {parameter "user" as string} -c "{parameter "path" as string}/splunkforwarder/bin/splunk set deploy-poll {parameter "ds" as string} --accept-license --answer-yes --gen-and-print-passwd"
wait su {parameter "user" as string} -c "{parameter "path" as string}/splunkforwarder/bin/splunk start"
else
wait su {parameter "user" as string} -c "{parameter "path" as string}/splunkforwarder/bin/splunk start --accept-license --answer-yes"
endif

//Set boot start
wait {parameter "path" as string}/splunkforwarder/bin/splunk enable boot-start -user {parameter "user" as string}
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!