- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Im getting an error when im trying uncommpress the...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
when I'm running this command from root user :
@localhost Forwarder]# rpm -i splunkforwarder-6.6.2-4b804538c686-linux-2.6-x86_64.rpm
I'm getting this warning and error
warning: splunkforwarder -6.6.2 -4b804538c686-linux-2.6-x86_64.rpm: Header V4 DSA/SHAI Signature, key ID 653fb112: NOKEY
this looks like an upgrade of an existing splunk server. Attempting to stop the installed Splunk Server...
splunkd is not running.
error :unpacking of archive failed on file /opt/splunkforwarder/bin/splunkd;596b7afc: cpio: read
error: splunkforwarder -6.6.2 -4b804538c686-linux-2.6-x86_64: install failed
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should try using the tar gz file rather than the RPM.
Step 1. Verify Splunk is not installed on the machine
ps -ef | grep splunk*
ls -la /opt
Step 2.
Use a WGET to download the Splunk forwarder
wget -O splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.2&product=universalforwarder&filename=splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz&wget=true'
Step 3.
Create Splunk user
# useradd -m splunk -p passwd1
Step 4.
Unzip
# tar -xzvf splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz -C /opt
Step 5.
Change ownership to Splunk
# chown splunk:splunk /opt/splunkforwarder
Step 6.
Login as Splunk user
su splunk
Step 7.
Start Splunkforwarder
$ /opt/splunkforwarder/bin/splunk start --accept-license
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should try using the tar gz file rather than the RPM.
Step 1. Verify Splunk is not installed on the machine
ps -ef | grep splunk*
ls -la /opt
Step 2.
Use a WGET to download the Splunk forwarder
wget -O splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.6.2&product=universalforwarder&filename=splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz&wget=true'
Step 3.
Create Splunk user
# useradd -m splunk -p passwd1
Step 4.
Unzip
# tar -xzvf splunkforwarder-6.6.2-4b804538c686-Linux-x86_64.tgz -C /opt
Step 5.
Change ownership to Splunk
# chown splunk:splunk /opt/splunkforwarder
Step 6.
Login as Splunk user
su splunk
Step 7.
Start Splunkforwarder
$ /opt/splunkforwarder/bin/splunk start --accept-license
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Skoelpin,
Your explanation was good, but I didn't understand what Is the use of creating a user ? and can we create a user on splunk forwarder or you mean to create user where the splunk enterprise is installed?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have installed Redhat version, will It be okay If I download and install tar gz file rather than the RPM file ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think this video will help a bit for the beginners to install universal forwarder but the problem is, video is not in English, but I think we can understand by the commands ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
are you in fact upgrading?
if so, docs says rpm -u fwiw, also are you stopping Splunk first?
http://docs.splunk.com/Documentation/Splunk/6.6.2/installation/Upgradeto6.6onUNIX
also are you looking to run splunk as root or as some other user?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If found the answer, actually it was conflicting with the 32 bit version..Thanks for your help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not upgrading, this is the first time i have installed forwarder on virtual box and trying to send some data to my host system, I'm running splunk as root user
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
interesting error to see in that case.
Based on the cpio read fail, i would download it again. did you use wget?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No I didn't use wget, first I downloaded . tar gz file but it gave an error, as I thought I'm using Linux redhat so later I downloaded RPM file. and I'm trying to install this on virtual box and I was unable to connect to internet from virtual box that's the reason why I downloaded instead of using "wget".
Introducing Splunk Enterprise 9.2
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
