Deployment Architecture

Update Universal Forwarder

edgarsilva01
Path Finder

How can I update 300 forwarders quickly?
Is there any method?

Labels (2)
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @edgarsilva01,
What't the operative system of your servers?
Linux UFs are easy to upgrade using a remote script shell that you can find in Community (if not I can send you!).
For Windows UFs, you have to use a SW distribution tool.

Ciao.
Giuseppe

View solution in original post

0 Karma

dauren_akilbeko
Communicator

I would recommend using some kind of configuration management system to do this on scale. If you those are Linux (should work on Windows too) I think Ansible is a good solution for this task.

https://underdefense.com/effortless-splunk-universal-forwarders-update-with-ansible/

manuelostertag
Path Finder

Thanks for the fast response, I will check if his is a solution for us.

Manuel

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @edgarsilva01,
What't the operative system of your servers?
Linux UFs are easy to upgrade using a remote script shell that you can find in Community (if not I can send you!).
For Windows UFs, you have to use a SW distribution tool.

Ciao.
Giuseppe

0 Karma

manuelostertag
Path Finder

Hi @gcusello,

I have to update a lot of Windows UF and try the new app in the splunk base (https://splunkbase.splunk.com/app/5003);  this app distribute the installation itself from the Deployment Server to the UF and run the installation.

I did not get the installation to run, it seems the SplunkForwarder Service cannot perform an installation. If I run the scripts manually, it works.

Did you know if an installation via the SplunkForwarder Service is possible?

Thanks

Manuel

0 Karma

edgarsilva01
Path Finder

Hi Giuseppe

Linux...

If you could share the script I would be very helpful 🙂

Thanks

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @edgarsilva01,
see this (even if it's non accepted!) https://answers.splunk.com/answers/786947/install-splunk-forwarder-in-linux-servers.html
Ciao.
Giuseppe

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...