Splunk UF install on Ubuntu
Greetings,
Here is the flow to install the Splunk Universal Forwarder (UF) on an Ubuntu system and give it a basic configuration.
To download the package
wget -O splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.4&product=universalforwarder&filename=splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz&wget=true'
To install the package
tar xvzf splunkforwarder-8.0.4-767223ac207f-Linux-x86_64.tgz -C /opt
To start (the ./splunk commands below are run from /opt/splunkforwarder/bin)
./splunk start --accept-license
To restart
./splunk restart
To enable start on boot
./splunk enable boot-start
To configure the universal forwarder to connect to a deployment server
./splunk set deploy-poll 10.0.0.4:8089
If you see permission errors in splunkforwarder/var/log/splunk/splunkd.log regarding the sh scripts (i.e. ps.sh, cpu.sh), review the page below.
https://community.splunk.com/t5/All-Apps-and-Add-ons/Unix-TA-clarity-permissions-and-readme-file/td-p/101590
If you receive the output below from the sh /opt/splunkforwarder/etc/apps/Splunk_TA_nix/bin/cpu.sh --debug command
"Not found any of commands [sar mpstat] on this host, quitting"
try installing the sysstat package
apt-get install sysstat
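A post-install check for the two settings above, the deployment server target and the sar/mpstat prerequisite of cpu.sh. This is an added example, not part of the original post or of Splunk's own tooling. It assumes SPLUNK_HOME is /opt/splunkforwarder and that set deploy-poll recorded the target as targetUri under [target-broker:deploymentServer] in etc/system/local/deploymentclient.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-install checks for a universal forwarder.
# Assumption: the forwarder was unpacked with "tar ... -C /opt".
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunkforwarder}"

# Print the deployment server stored in deploymentclient.conf.
# Returns 1 if the file is unreadable or targetUri is not set in the
# [target-broker:deploymentServer] stanza.
deploy_target() {
    conf="${1:-$SPLUNK_HOME/etc/system/local/deploymentclient.conf}"
    [ -r "$conf" ] || return 1
    stanza=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "["*"]") stanza="$line" ;;
            targetUri*=*)
                if [ "$stanza" = "[target-broker:deploymentServer]" ]; then
                    value="${line#*=}"
                    printf '%s\n' "$(printf '%s' "$value" | tr -d ' \t')"
                    return 0
                fi ;;
        esac
    done < "$conf"
    return 1
}

# cpu.sh quits when none of sar/mpstat exists; succeed if at least one does.
has_cpu_tool() {
    for tool in sar mpstat; do
        command -v "$tool" >/dev/null 2>&1 && return 0
    done
    return 1
}

# Report both checks; always returns 0 so it can be run on any host.
report() {
    if target=$(deploy_target "$@"); then
        echo "deployment server: $target"
    else
        echo "no targetUri found; run: ./splunk set deploy-poll <host>:8089"
    fi
    has_cpu_tool || echo "neither sar nor mpstat found; run: apt-get install sysstat"
}

report
```
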