Setup

This is a step-by-step guide on setting up the Splunk Universal Forwarder on a Linux machine to forward logs.

Setting up Splunk Universal Forwarder on a Linux Machine

To install the Splunk Universal Forwarder on a system, you need to be able to access both Cloud Suite Collector and your Splunk Cloud instance.

  1. Go to the Splunk download page to download the Splunk Universal Forwarder.

  2. Choose the appropriate .rpm package for your Linux machine.

     Example file name: splunkforwarder-<version>-<build>.x86_64.rpm

  3. Transfer the .rpm file to your Linux machine.

     (optional) If you downloaded the file to a different machine, use the following scp command to transfer it to your Linux machine:

     scp splunkforwarder-<version>-<build>.x86_64.rpm user@<server-ip>:/path/to/destination

  4. Run the following command to install the .rpm file on your Linux machine:

     sudo rpm -i splunkforwarder-<version>-<build>.x86_64.rpm
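Because the final step installs the package as root, it is worth checking the transferred file before running rpm. The script below is an added example, not part of this guide or of Splunk's own tooling: it compares the .rpm against a SHA-256 digest you obtained separately from the download page and only then hands it to sudo rpm -i. The package name and digest are placeholders, and the sha256_of helper and verify_forwarder_rpm function are this example's own names.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the downloaded
# Splunk Universal Forwarder .rpm before installing it as root.
# Assumption: the expected SHA-256 digest is obtained out of band
# (for example from the Splunk download page); all values are placeholders.

# Print the SHA-256 digest of a file (coreutils sha256sum, or shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file exists, its name matches the forwarder package
# pattern, and its digest equals the expected one. Nothing is installed here.
verify_forwarder_rpm() {
    pkg="$1"
    expected="$2"
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 1; }
    case "$(basename "$pkg")" in
        splunkforwarder-*.rpm) ;;
        *) echo "unexpected file name: $pkg" >&2; return 1 ;;
    esac
    actual="$(sha256_of "$pkg")"
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $pkg" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# Install only after verification succeeds (the guide's rpm -i step).
install_forwarder_rpm() {
    verify_forwarder_rpm "$1" "$2" || return 1
    sudo rpm -i "$1"
}

# Usage (placeholders, not a real package or digest):
# install_forwarder_rpm splunkforwarder-<version>-<build>.x86_64.rpm <EXPECTED_SHA256>
```

If the digest does not match, the script reports both values and exits without calling rpm, so a corrupted or substituted package is never installed.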