Splunk® Universal Forwarder

Splunk Remote Upgrader for Linux Universal Forwarders

Modify remote upgrader using the configuration files

Modify your Remote Upgrader for Linux Universal Forwarders using the configuration files default_config and local_config, which are contained in your config directory. If you plan to customize any config options, see Download and configure your Remote Upgrader app.

Default_config

Do not directly modify default_config. It is overwritten when the Remote Upgrader for Linux Universal Forwarders is upgraded and your configuration will be lost. Instead, copy default_config to your local directory and edit it there. The default_config includes default configurations:

Setting Description Default value
FWD_INSTALL_NAME Splunk Universal Forwarder name. splunkforwarder
SPLUNK_UPGRADER_USER Remote Upgrader for Linux Universal Forwarders user name if a pre-created user is not provided. splunkupgrader
SPLUNK_UPGRADER_GROUP Remote Upgrader for Linux Universal Forwarders group name if a pre-created user is not provided. splunkupgrader
MONITOR_PKG_INTERVAL_SEC Frequency, in seconds, for the Remote Upgrader for Linux Universal Forwarders to check new packages in the monitored directory. 5
FWD_UPGRADE_TIMEOUT_SEC Default timeout limit, in seconds, for an upgrade attempt. 300
FWD_UPGRADE_MAX_RETRY Number of retry attempts for an upgrade. 3
ROTATE_HISTORY_LOG_DAYS Number of days until the backup package is deleted. 30

The following table describes who can edit settings:

Can be changed through the delivery app by non system admins. SPLUNK_HOME if the Remote Upgrader for Linux Universal Forwarders is running as root.*

MONITOR_PKG_INTERVAL_SEC FWD_UPGRADE_TIMEOUT_SEC FWD_UPGRADE_MAX_RETRY ROTATE_HISTORY_LOG_DAYS Note: SPLUNK_HOME can be edited if the Supevisor is running as root. Otherwise, SPLUNK_HOME cannot be changed after the Remote Upgrader for Linux Universal Forwarders is installed due to permission issues.

Can only be changed by system admins. SPLUNK_UPGRADER_USER

SPLUNK_UPGRADER_GROUP

Last modified on 24 January, 2025
Advanced configurations   Command options

This documentation applies to the following versions of Splunk® Universal Forwarder: 1.0.0, 8.2.11, 8.2.12, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters