Getting Data In

Why am I unable to start Splunk Universal Forwarder after installing on Isilon/Linux?

jasondillard74
New Member

Got the universal forwarder installed on my Isilon. (/opt/Splunk/splunkforwarder/)
Trying to follow the directions to start the service up but its not working. I'm not a Linux guy...

ktfs01-2# cd /opt/Splunk/splunkforwarder
ktfs01-2# ./splunk start
ELF binary type "0" not known.
zsh: exec format error: ./splunk
ktfs01-2# ls
btool                   bzip2                   copyright.txt           genSignedServerCert.sh  openssl                 scripts                 splunk                  splunkdj                srm
btprobe                 classify                genRootCA.sh            genWebCert.sh           pid_check.sh            setSplunkEnv            splunkd                 splunkmon
ktfs01-2#
0 Karma

Michael_Carlisl
Explorer

Interesting that your splunk executable is not in /opt/Splunk/splunkforwarder/bin. Do you have a bin in SPLUNKHOME?

0 Karma

jasondillard74
New Member

It is in bin actually.... sorry, accidentally left that part out of the path above.

0 Karma

Michael_Carlisl
Explorer

Ah Gotcha! I'm assuming you got the correct linux version for the forwarder? Once I ran tar xvzf on the .tgz file, I was able to run ./splunk commands.

0 Karma

jasondillard74
New Member

I don't know what the deal is... I downloaded the x64 version straight from Splunks site.
Here's a better rundown on my Putty. I renamed the file to splunk.tgz, then copied it to the /opt/Splunk/ folder via WinSCP. When I extracted it, It created the splunkforwarder folder and all underlying files/folders.

ktfs01-2# tar xvzf splunk.tgz
x splunkforwarder/
x splunkforwarder/etc/
x splunkforwarder/etc/deployment-apps/
x splunkforwarder/etc/deployment-apps/README............................etc.

ktfs01-2# cd /opt/Splunk/splunkforwarder/bin
ktfs01-2# ./splunk start
ELF binary type "0" not known.
zsh: exec format error: ./splunk
ktfs01-2#

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...