Splunk - Deploy/Upgrade Splunk Universal Forwarder 7.1.3 (Linux)
| 0 Votes |
Versioning - This is the latest version.
| 1 | Splunk - Deploy/Upgrade Splunk Light Forwarder 7.1.3 (nix Servers) | 9/24/2018 5:50:48 PM |
| 2 | Splunk - Deploy/Upgrade Splunk Universal Forwarder 7.1.3 (Linux) | 9/24/2018 6:14:29 PM |
Description
Deploy Splunk Light Forwarder 7.1.3
This fixlet installs the Splunk Universal Forwarder on most Linux flavors.
The fixlet will ask three questions when deploying:
1. What is the user account that will run the application?
It is recommended by Splunk that the software does not run as root because it could provide a foot-hold in an environment inadvertently. The default user is "splunk" and the account will be created with the fixlet.
2. What is the desired destination for installation?
The default it "/opt".
3. What is the address and port of the deployment server in your environment?
Please request this information from your Splunk administrator before installing or else the forwarder will only be managed locally. If a deployment server is not defined, the value is not configured.
Property Details
| 25549 | |
| Beta - Preliminary testing ready for more | |
| Splunk - Deploy/Upgrade Splunk Universal Forwarder 7.1.3 (Linux) | |
| Splunk | |
| 21.59 MB | |
| Splunk | |
| 9/24/2015 12:00:00 AM | |
| splunk, forwarder, install, linux | |
| jimwald on 9/24/2018 6:14:29 PM | |
| jimwald on 9/24/2018 6:21:29 PM | |
| 6742 Views / 28 Downloads | |
* Average over 0 ratings.
** Log In or Register to add your rating.
|
Relevance
| Used in 6 fixlets | * Results in a true/false |
name of operating system as lowercase contains "linux"
| Used in 2 fixlets | * Results in a true/false |
(not exists folder "/opt/splunkforwarder") OR (if exists folder "/opt/splunkforwarder" then (substring after "=" of line containing "VERSION" of file "splunk.version" of folder "/opt/splunkforwarder/etc") as trimmed string as version < "7.1.3" else true)
Actions
Action 1 (default)
Action Link Click
here to deploy this action.
Script Type
BigFix Action Script
action parameter query "user" with description "Name of user Splunk will run as." and with default value "splunk"
action parameter query "path" with description "Path of where Splunk will be installed." and with default value "/opt"
action parameter query "ds" with description "Hostname of deployment server and management port. Leave blank for upgrade."
//OS Check
continue if {name of operating system does not contain "Win"}
//Grab installer and configuration files
prefetch splunkforwarder.tgz sha1:66030ce85e2fa1bb4752257d0ee01503d37c0b4c size:22640418 http://download.splunk.com/products/universalforwarder/releases/7.1.3/linux/splunkforwarder-7.1.3-51d9cac7b837-Linux-x86_64.tgz
//Parameter defining the version being upgraded to
parameter "version"="7.1.3"
if {not exists line whose (it starts with (parameter "user" as string)) of file "/etc/shadow"}
wait useradd {parameter "user" as string}
endif
//Stop existing installation of Splunk
if {(exists file "splunkforwarder/bin/splunk" of folder (parameter "path" as string)) OR exists process "splunkd"}
wait service splunk stop
endif
//Install Forwarder
wait tar -zxf {(client folder of current site as string) & "/__Download/splunkforwarder.tgz"} -C {parameter "path" as string}
//Create splunk-launch.conf if needed
//if {if exists folder "splunkforwarder" of folder (parameter "path" as string) then not exists file "splunk-launch.conf" of folder "splunkforwarder/etc" of folder (parameter "path" as string) else true}
//wait cp {parameter "path" as string}/splunkforwarder/etc/splunk-launch.conf.default {parameter "path" as string}/splunkforwarder/etc/splunk-launch.conf
//endif
//Make new user owner of all of the new installation
wait chown -R {parameter "user" as string}:{parameter "user" as string} {parameter "path" as string}/splunkforwarder
//Configure deployment server and start
if {parameter "ds" of action as string is not ""}
wait su {parameter "user" as string} -c "{parameter "path" as string}/splunkforwarder/bin/splunk set deploy-poll {parameter "ds" as string} --accept-license --answer-yes --gen-and-print-passwd"
wait su {parameter "user" as string} -c "{parameter "path" as string}/splunkforwarder/bin/splunk start"
else
wait su {parameter "user" as string} -c "{parameter "path" as string}/splunkforwarder/bin/splunk start --accept-license --answer-yes"
endif
//Set boot start
wait {parameter "path" as string}/splunkforwarder/bin/splunk enable boot-start -user {parameter "user" as string}
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.
Sharing
| Social Media: |
