Re: Can Splunk be installed in a Solaris 10 non-gl...

mfan1995 · ‎06-10-2010

can I install splunk in a Solaris 10 non-global zone?

chrismay · ‎06-11-2010

If you are using sparse zones, and you are using the solaris package format, you will have to do the package add in the global zone.

I'm not sure that's correct; I'm using a sparse zone and the package installed directly into the child zone just fine.

However, if you want splunk installed in the global zone and in a child zone (for instance, we run the *NIX app and a forwarder on all of our boxes' global zones, whilst the indexer and splunkweb run in a single child), then be very careful when upgrading the global zone, since you'll have to do pkgrm to remove the old package first, and there's (AFAIK) no way to do pkgrm on the global zone without it cascading to child zone and removing that package too.

rotten · ‎06-11-2010

If you are using sparse zones, and you are using the solaris package format, you will have to do the package add in the global zone. You don't have to start the daemon in the global zone though.

If you want to install splunk only in a local zone, I'd recommend the tarball instead.

Note that a local zone can't see log files in the global zone, which means Splunk won't be able to magically see them either. If you expect to run a Splunk indexer in the local zone, and pick up files from other zones or the global, you'll have to share disks, or install forwarders in the other zones or set up scripts or something...

gkanapathy · ‎06-10-2010

You can install Splunk in a Solaris 10 non-global zone.

Can Splunk be installed in a Solaris 10 non-global zone?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases