IT & IoT Security | Cloud | It's all about the life itself

Nothing in life is as important as you think it is, while you are thinking about it.

Splunk UF install on Ubuntu

Greetings,

Here is the flow to install and do a basic configuration of the Universal Forwarder (UF) on an Ubuntu system.

To download the package

wget -O splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'

To install the package

tar xvzf splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz -C /opt

To start (the following splunk commands are run from /opt/splunkforwarder/bin)

./splunk start --accept-license

To restart

./splunk restart

To enable start on boot

./splunk enable boot-start

To Configure the universal forwarder to connect to a deployment server

./splunk set deploy-poll 10.0.0.4:8089
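The steps above as one script, as an added example that is not part of the original post or of Splunk's own tooling. It uses the page's version, build and deployment-server address; the dedicated splunk service account, the host:port validation and the deploymentclient.conf check are assumptions added here.

```shell
#!/bin/sh
# Added example: installs the UF as a non-root service user, enrols it with the
# deployment server, and verifies the target really landed in the config.
set -eu

UF_VERSION="${UF_VERSION:-8.0.4}"
UF_BUILD="${UF_BUILD:-767223ac207f}"
UF_HOME="/opt/splunkforwarder"
UF_USER="${UF_USER:-splunk}"   # assumption: dedicated service account, not root

# Tarball name and Splunk download URL for a given version/build (same URL as the post).
uf_tarball() { printf 'splunkforwarder-%s-%s-Linux-x86_64.tgz' "$1" "$2"; }
uf_download_url() {
  printf 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=%s&product=universalforwarder&filename=%s&wget=true' \
    "$1" "$(uf_tarball "$1" "$2")"
}

# Accept only host:port with a port in 1-65535; a typo here would otherwise
# leave the forwarder silently unmanaged by the deployment server.
uf_valid_deploy_target() {
  host="${1%%:*}"; port="${1##*:}"
  [ "$host" != "$1" ] && [ -n "$host" ] || return 1
  case "$port" in ''|*[!0-9]*) return 1;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

uf_install() {   # usage: sh install_uf.sh install 10.0.0.4:8089
  target="$1"
  uf_valid_deploy_target "$target" || { echo "bad deploy target: $target" >&2; return 1; }
  tgz="$(uf_tarball "$UF_VERSION" "$UF_BUILD")"
  [ -f "$tgz" ] || wget -O "$tgz" "$(uf_download_url "$UF_VERSION" "$UF_BUILD")"
  id "$UF_USER" >/dev/null 2>&1 || useradd -r -m -d "$UF_HOME" -s /usr/sbin/nologin "$UF_USER"
  tar xzf "$tgz" -C /opt
  chown -R "$UF_USER:$UF_USER" "$UF_HOME"
  # First start and enrolment run as the service user; set deploy-poll prompts
  # for the admin credentials unless -auth is supplied.
  su -s /bin/sh "$UF_USER" -c "$UF_HOME/bin/splunk start --accept-license --answer-yes --no-prompt"
  su -s /bin/sh "$UF_USER" -c "$UF_HOME/bin/splunk set deploy-poll $target"
  "$UF_HOME/bin/splunk" enable boot-start -user "$UF_USER"
  # Trust but verify: the CLI writes targetUri into deploymentclient.conf.
  grep -q "targetUri *= *$target" "$UF_HOME/etc/system/local/deploymentclient.conf"
}

if [ "${1:-}" = "install" ]; then uf_install "${2:-}"; fi
```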

If you see a permission error in splunkforwarder/var/log/splunk/splunkd.log about the sh scripts (e.g. ps.sh, cpu.sh), review the page below.

https://community.splunk.com/t5/All-Apps-and-Add-ons/Unix-TA-clarity-permissions-and-readme-file/td-p/101590

If you receive the output below from the command sh /opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh --debug

"Not found any of commands [sar mpstat] on this host, quitting"

try installing the sysstat package, which provides sar and mpstat

apt-get install sysstat