Install the Remote Upgrader for Linux Universal Forwarders
You can install the Remote Upgrader for Linux Universal Forwarders in one of two ways:
- Install the Remote Upgrader for Linux Universal Forwarders and run it as an existing user and group.
- Install the Remote Upgrader for Linux Universal Forwarders and create new users and groups with permissions.
Install the Remote Upgrader for Linux Universal Forwarders and run it as a specific user and group
The Remote Upgrader for Linux Universal Forwarders installer must run as root or with sudo because it requires system administrator permissions to set up the daemon configurations. Once the installation is complete, the daemon can run as another user and group that you specify during the installation, provided this user has appropriate permissions. To specify the user or group that will run the Remote Upgrader for Linux Universal Forwarders installation script:
- To use an existing user and group, run the installer with --user <user> --group <group>.
- The following is an example of how to install the Remote Upgrader for Linux Universal Forwarders and run it as a predefined user and group:
sudo ./bin/install.sh --accept-license --user <user> --group <group>
Any user or group you configure must also be a sudo user. If any of the following commands are not able to run as passwordless sudo, the installation will fail.
sudo command | Why |
---|---|
systemctl | To operate the upgrader daemon as a systemd service. |
pkill | To kill splunkd or the upgrade process when the process is hanging. |
chmod | To set the file or directory permissions to make them available to Splunk apps to deliver the universal forwarder package. |
chown | To set SPLUNK_HOME ownership after upgrade. |
cp | To copy files to or from SPLUNK_HOME. |
rm | To remove SPLUNK_HOME when rolling back an upgrade, for example, in the case of upgrade failure. |
find | To find SPLUNK_HOME globally before upgrade. |
mkdir | To create directories in the SPLUNK_HOME directory. |
cat | To read files to SPLUNK_HOME. |
stat | To get previous Splunk users from the SPLUNK_HOME/bin/splunk file owner. |
ps | To get the Splunk process owner. |
test | To test file or directory presence in SPLUNK_HOME. |
sed | To update the Remote Upgrader for Linux Universal Forwarders configurations. |
tar | To unpack Splunk packages to SPLUNK_HOME that might be owned by root. |
Install the Remote Upgrader for Linux Universal Forwarders and create new users and groups with permissions
If you do not have a user and group with permissions, you can use --create-user to let the Remote Upgrader for Linux Universal Forwarders installer create a dedicated user or group:
While creating the user, the installer writes only the sudo commands described here to the /etc/sudoers.d/<username> file to enable passwordless sudo.
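The following audit script is an added example, not part of the Splunk documentation or the installer. It compares the NOPASSWD grants in a sudoers drop-in with the commands in the table above and reports any that are missing or extra. The user name uf_upgrader, the function names, and the one-line entry format of the sample file are assumptions; the format the installer actually writes is not shown on this page.

```shell
#!/bin/sh
# Added example: audit a sudoers drop-in against the command table on this page.
REQUIRED="systemctl pkill chmod chown cp rm find mkdir cat stat ps test sed tar"

# granted_cmds USER FILE: basenames of commands USER may run with NOPASSWD.
# Assumes one-line "user host=(runas) NOPASSWD: /path/a, /path/b" entries;
# backslash-continued lines and sudoers aliases are not expanded.
granted_cmds() {
    awk -v u="$1" '
        /^[ \t]*#/ { next }
        $1 == u && /NOPASSWD:/ {
            sub(/.*NOPASSWD:[ \t]*/, "")
            n = split($0, item, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(item[i], word, /[ \t]+/)    # drop any arguments
                m = split(word[1], seg, "/")      # drop the directory part
                if (seg[m] != "") print seg[m]
            }
        }' "$2" | sort -u
}

# audit_sudoers USER FILE: prints "MISSING cmd" and "EXTRA cmd" lines and
# returns 0 only when the NOPASSWD grant matches REQUIRED exactly.
audit_sudoers() {
    granted=$(granted_cmds "$1" "$2")
    required=$(printf '%s\n' $REQUIRED)
    missing=$(printf '%s\n' "$required" | grep -vxF -e "${granted:-/}" || true)
    extra=$(printf '%s\n' "$granted" | grep -vxF -e "$required" | grep . || true)
    [ -z "$missing" ] || printf '%s\n' "$missing" | sed 's/^/MISSING /'
    [ -z "$extra" ] || printf '%s\n' "$extra" | sed 's/^/EXTRA /'
    [ -z "$missing" ] && [ -z "$extra" ]
}

# Constructed sample (not installer output): it omits tar and adds bash.
sample_sudoers() {
    cat <<'EOF'
# constructed example for the hypothetical user "uf_upgrader"
uf_upgrader ALL=(ALL) NOPASSWD: /usr/bin/systemctl, /usr/bin/pkill, /bin/chmod, /bin/chown
uf_upgrader ALL=(ALL) NOPASSWD: /bin/cp, /bin/rm, /usr/bin/find, /bin/mkdir, /bin/cat
uf_upgrader ALL=(ALL) NOPASSWD: /usr/bin/stat, /bin/ps, /usr/bin/test, /bin/sed, /bin/bash
EOF
}

# When called with USER and FILE arguments, audit that file.
if [ "$#" -eq 2 ]; then audit_sudoers "$1" "$2"; fi
```

Run it as root with the user name and the path /etc/sudoers.d/<username> as arguments; a non-zero exit status means the grant differs from the documented list.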
This documentation applies to the following versions of Splunk® Universal Forwarder: 1.0.0, 8.2.11, 8.2.12, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0