Splunk Cloud Forwarder on Linux

kleanthis · ‎02-26-2018

Hello,

I am following the guide here : https://docs.splunk.com/Documentation/SplunkCloud/7.0.0/User/ForwardDataToSplunkCloudFromLinux

At some point it sais i need to install splunkclouduf.spl file which i have downloaded from my cloud instance using : splunk install app <full path to splunkclouduf.spl> -auth <username>:<password> . Problem is whenever i try to run that command i get : Not Found . I am 100% sure the path and credentials are correct . What am i missing ? Or is this a step i need or shall i skip it ?

FrankVl · ‎02-26-2018

Are you sure you're in the right directory (bin folder inside your splunk universal forwarder installation folder)? Have your tried ./splunk... instead of just splunk...

kleanthis · ‎02-26-2018

Yes and Yes.

root@host:/home/devuser/splunkforwarder/bin# ./splunk install app ../../splunkclouduf.spl -auth admin:changeme
Not Found

FrankVl · ‎02-26-2018

Does the user you run splunk as (non-root I hope) have permissions to access the .spl file?

Do other splunk commands work (e.g. ./splunk status)?

kleanthis · ‎02-26-2018

root@host:/home/devuser/splunkforwarder/bin# ./splunk status
splunkd is not running.

I think i got it. I must have messed up something and splunk did not start . I will start from scratch and see what happens . Thanx.

FrankVl · ‎02-26-2018

Ok, so the basic thing works, it's specifically that install command that fails. Not sure if splunk needs to be running to perform ./splunk install...

kleanthis · ‎02-26-2018

Yes and Yes.

root@host:/home/devuser/splunkforwarder/bin# ./splunk install app ../../splunkclouduf.spl -auth admin:changeme
Not Found

Splunk Cloud Forwarder on Linux

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?