Install the Splunk Forwarder on Ubuntu


The Splunk Universal Forwarder is a small, lightweight daemon which forwards data from a variety of sources to your main Splunk server.

This guide assumes that you have already installed the Splunk server to receive the data.

Download the Splunk Universal Forwarder .deb file from the Splunk website:

Upload the file to your Ubuntu server and place it in a temporary directory.

Run the dpkg command to install the Splunk Forwarder. The file name of the .deb file may change as new versions are made available so make sure that you have downloaded.

The output will look like the below. Once you see "complete", the Splunk Forwarder installation has finished.

Next we need to create the init.d script so that we can easily start and stop Splunk. Change to the Splunk directory and run the splunk executable with the below arguments.

Press SPACE to view all of the license agreement and then Y to accept it.

You can now start the forwarder daemon using the init.d script.
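
The install steps above as one script, gated on a checksum of the downloaded .deb so a corrupted or swapped package is never handed to dpkg (an added example, not from the original post). The package file name and expected hash are supplied by the caller; `/opt/splunkforwarder` as the install directory, the `boot-start` argument, and running as root are assumptions of this example.

```shell
#!/bin/sh
# Added example: checksum-gated install of the Universal Forwarder package.
# Assumption: the .deb installs to /opt/splunkforwarder.
SPLUNK_HOME=/opt/splunkforwarder

# verify_deb FILE EXPECTED_HASH
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
# A 64-hex-digit hash is checked as SHA-256, a 128-digit one as SHA-512.
verify_deb() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    case ${#expected} in
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "expected hash must be SHA-256 or SHA-512" >&2; return 2 ;;
    esac
    # Read via stdin so an odd file name cannot alter the tool's output format.
    actual=$("$tool" < "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# install_forwarder FILE EXPECTED_HASH  (run as root)
install_forwarder() {
    if ! verify_deb "$1" "$2"; then
        echo "checksum check failed, not installing $1" >&2
        return 1
    fi
    dpkg -i "$1" || return 1
    # Creates the init.d script; shows the license prompt on first run.
    "$SPLUNK_HOME/bin/splunk" enable boot-start || return 1
    /etc/init.d/splunk start
}

# Usage: sh install-forwarder.sh <package.deb> <expected-hash>
if [ $# -eq 2 ]; then
    install_forwarder "$1" "$2"
fi
```

Take the expected hash from a source you trust independently of the place the file was copied from, since the upload step is where a package can be altered.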

See reading log files with the Splunk Forwarder to read your first log file and send the data to the Splunk server.

