Install a Splunk forwarder on Linux
You can install a Splunk forwarder on your Linux using using three methods:
- using a Splunk forwarder .tar file.
- using a Splunk forwarder .deb file.
- using a Splunk forwarder .rpm file
In this section we will show you how to install a Splunk forwarder on Ubuntu, a Debian-based Linux distrubution. First, we need to download the right software. Go to https://www.splunk.com/en_us/download/universal-forwarder.html and click the Linux button:
Choose the software version for your system. We will download the 64-bit .deb version:
Open the shell and browse to the packet location. Note that .deb version can only be installed in the default location (/opt/splunk). To start the installation, run the sudo dpkg -i splunk_package_name.deb command:
To start a Splunk universal forwarder, browse to the /bin directory in the /opt/splunkforwarder/ directory and run the sudo ./splunk start command:
The first time you start Splunk after a new installation, you will need to accept the license agreement. Press y to accept the license and start the forwarder. You can run the sudo ./splunk status command to verify that the forwarder is indeed running: