Installation

Splunk Arm64 download

unixmit
Engager

In the requirements for Splunk Enterprise it says that there is a download for Arm64 but it not supported. I can’t find the download though. Anyone know where I can get it?

Thanks.

Tags (1)

ericg_splunk
Splunk Employee
Splunk Employee

Please vote for Splunk ARMv8-64 UF here: https://ideas.splunk.com/ideas/APPSID-I-35

0 Karma

ericg_splunk
Splunk Employee
Splunk Employee

I was able to get the ARMv6, 32-bit Splunk Universal Forwarder to work on a "Raspberry Pi 4" running Ubuntu (19.10 (Eoan Ermine)) using these steps:

  1. dpkg --add-architecture armhf
  2. apt-get update
  3. apt-get install libc6:armhf
  4. libstdc++6:armhf
  5. cd /lib
  6. ln -s arm-linux-gnueabihf/ld-2.30.so ld-linux.so.3

Output from "uname -a": Linux ubuntu 5.3.0-1014-raspi2 #16-Ubuntu SMP Tue Nov 26 11:18:23 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux

/opt/splunkforwarder/bin/splunk start

Splunk> Map. Reduce. Recycle.

Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-8.0.3-a6754d8441bf-Linux-arm-manifest'
All installed files intact.
Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Done

0 Karma

mayurr98
Super Champion
0 Karma

splunkben
Explorer

I've seen that already. That is only for 32bit arm linux. I am looking for 64bit arm linux (aarch64) splunk universal forwarder. The splunk UF download page only has 32bit for arm. Also I am interested in monitoring log files with splunk UF - not just packet captures via a tap or HEC postings of events.

s2_splunk
Splunk Employee
Splunk Employee

Can you provide the link to the docs you reference? I am not aware of an ARM download for Splunk Enterprise, but there is one for a Universal Forwarder. Or at least there was; the relevant splunkbase page now shows that it was removed.

0 Karma

splunkben
Explorer

There is a linux splunk UF for armv6 (32 bit) available on the splunk downloads page, but nothing yet for armv8 (64 bit) linux. Any idea when that might be available?

0 Karma

lfedak_splunk
Splunk Employee
Splunk Employee

Hey @unixmit and @ssievert -- for the universal forwarder ARMv6 you can get it by going to the Linux options of the universal forwarder download page (from the menu at the bottom of the splunk.com website in the footer menu), or by clicking this link: https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/linux I'm not sure what the Splunk Enterprise download is but as @ssievert said please provide the link so we or others can help you.

0 Karma

splunkben
Explorer

As you noted - there is 32bit splunk UF available for linux - but that doesn't work on armv8 linux.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...