How to install splunk universal forwarder

Neha SinghAWS, AWS Services, Cloud, github, Studio-DevOps, Studio-Scala
Table of contents
Reading Time: 3 minutes

Hello Readers! In this blog we will see how to install splunk universal forwarder. But first let us know what splunk universal forwarder is? In short, we call splunk universal forwarder, as splunk uf. It is a separate software package and is free to download where a license is not required.

Steps to install:

1. First we have to download the software. Open your web browser and search for it. Click the link to download https://www.splunk.com/en_us/download/universal-forwarder.html It will redirect us to the splunk, click on free Splunk.

Either you have to sign in or if you don’t have an account, then you have to create an account then sign in.

2. Once you come to this page, click on Linux, then click on .deb file which is for Ubuntu.Click on download now.

3.Now you have two options. One is just downloading the file and the other option is under the useful tools you have the option to use the wget link.

4.Now open your terminal and if you do not have wget installed, you can run the command below.

        sudo apt install wget -y

5. Copy and paste the wget link from the browser. You can see the file is downloading.

wget -O splunkforwarder-8.2.5-77015bc7a462-linux-2.6-amd64.deb 'https://download.splunk.com/products/universalforwarder/releases/8.2.5/linux/splunkforwarder-8.2.5-77015bc7a462-linux-2.6-amd64.deb'

6. If we run the ls command, then we see the latest version i.e 8.2.4.

ls

7. Now we run the command sudo su for switching to the root user.

sudo su

8. If we run the dpkg -i command then we just type the first couple letter then push tab to complete and press enter.

dpkg -i splunkforwarder-8.2.5-77015bc7a462-linux-2.6-amd64.deb

9. Now we can check the opt directory and run ls and you can see that it is installed. Also, we have bin folder.

cd /opt/splunkforwarder/
ls
cd bin

10. We will do the same process that we use to start splunk enterprise. we run the below command to start splunk forwarder.

./splunk start

It will ask to agree with the license and will ask for user name and password. you will see splunk universal forwarder installed and running successfully.

Conclusion:

We install splunk universal forwarder on servers or endpoints from where we want to collect events. UF can be managed by deployment server and it cannot parse events.

Written by 

I am reliable, hard-working with strong attention to detail and eager to learn about new technologies and business issues. I am able to work well both on my own initiative and as part of a team.

Knoldus-logo-final
nashtech-logo-white

COMPANY

Sign up to our newsletter

    Certificates

    IOSTQB Platinum Partner-white
    cmmi5-white
    ISO 27001-white
    ISO 27002-white
    ISO 9001-white

    Partners

    knoldus-lightbend-white.png
    knoldus-databricks-white-.png
    knoldus-confluent-white.png
    knoldus-docker-white.png
    knoldus-hashiCorp-white.png
    knoldus-ibm-white.png
    knoldus-daml-white.png
    knoldus-datastax-white.png
    knoldus-kmine-white.png
    knoldus-rust-foundation-white.png
    knoldus-scala-white-1.png
    knoldus-snowflake-white-1.png
    umbraco 1
    aws-partner-logo 1
    Microsoft Gold Partner_white 1
    © 2023 Knoldus, Inc. All Rights Reserved.
    Part of NashTech
    Privacy Policy | Sitemap