Modify remote upgrader using the configuration files
Modify your Remote Upgrader for Linux Universal Forwarders using the configuration files default_config and local_config, which are contained in your config directory. If you plan to customize any config options, see Download and configure your Remote Upgrader app.
Default_config
Do not directly modify default_config. It is overwritten when the Remote Upgrader for Linux Universal Forwarders is upgraded and your configuration will be lost. Instead, copy default_config to your local directory and edit it there. The default_config includes default configurations:
Setting | Description | Default value |
---|---|---|
FWD_INSTALL_NAME | Splunk Universal Forwarder name. | splunkforwarder |
SPLUNK_UPGRADER_USER | Remote Upgrader for Linux Universal Forwarders user name if a pre-created user is not provided. | splunkupgrader |
SPLUNK_UPGRADER_GROUP | Remote Upgrader for Linux Universal Forwarders group name if a pre-created user is not provided. | splunkupgrader |
MONITOR_PKG_INTERVAL_SEC | Frequency, in seconds, for the Remote Upgrader for Linux Universal Forwarders to check new packages in the monitored directory. | 5 |
FWD_UPGRADE_TIMEOUT_SEC | Default timeout limit, in seconds, for an upgrade attempt. | 300 |
FWD_UPGRADE_MAX_RETRY | Number of retry attempts for an upgrade. | 3 |
ROTATE_HISTORY_LOG_DAYS | Number of days until the backup package is deleted. | 30 |
The following table describes who can edit settings:
Can be changed through the delivery app by non system admins. | SPLUNK_HOME if the Remote Upgrader for Linux Universal Forwarders is running as root.*
MONITOR_PKG_INTERVAL_SEC FWD_UPGRADE_TIMEOUT_SEC FWD_UPGRADE_MAX_RETRY ROTATE_HISTORY_LOG_DAYS Note: SPLUNK_HOME can be edited if the Supevisor is running as root. Otherwise, SPLUNK_HOME cannot be changed after the Remote Upgrader for Linux Universal Forwarders is installed due to permission issues. |
Can only be changed by system admins. | SPLUNK_UPGRADER_USER
SPLUNK_UPGRADER_GROUP |
Advanced configurations | Command options |
This documentation applies to the following versions of Splunk® Universal Forwarder: 1.0.0, 8.2.11, 8.2.12, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0
Feedback submitted, thanks!