Splunk® Enterprise

Installation Manual

Acrobat logo Download manual as PDF


Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Install the universal forwarder on FreeBSD

Important: Splunk does not offer an installation package for Splunk Enterprise on FreeBSD. There is a universal forwarder installation package for FreeBSD versions 9 and 10.

To use Splunk Enterprise on FreeBSD, you must download an older version of the Splunk software. See the previous releases page.

Basic installation

These instructions install the universal forwarder in the default directory, /opt/splunkforwarder. If /opt does not exist and you have not created it, you might receive an error message. There is no current version of Splunk Enterprise that is available for FreeBSD.

FreeBSD best practices maintain a small root filesystem. You might want to create a symbolic link to another filesystem and install Splunk there, rather than attempting to install in /opt.

  1. Confirm that the /opt/splunkforwarder directories exist. If they do not, create them or link to another file system from there.
  2. Install the universal forwarder on FreeBSD using the Intel installer: 
    pkg_add splunkforwarder-intel.tgz

    To install Splunk Enterprise in a different directory: 

    pkg_add -v -p /usr/splunk splunkforwarder-intel.tgz

Tar file installation

The tar file is a manual form of installation.

These instructions are for installing the universal forwarder tar file only. There is no current version of Splunk Enterprise available for FreeBSD.

When you install the universal forwarder with a tar file:

  • Some non-GNU versions of tar might not have the -C argument available. In this case, if you want to install in /opt/splunkforwarder, either cd to /opt or place the tar file in /opt before running the tar command. This method will work for any accessible directory on your machine's filesystem.
  • The forwarder does not create the splunk user automatically. If you want Splunk Enterprise to run as a specific user, you must create the user manually before installing.
  • Confirm that the disk partition has enough space to hold the uncompressed volume of the data you plan to keep indexed.

Expand the universal forwarder tar file into an appropriate directory using the tar command. The default install directory is splunkforwarder in the current working directory. 

tar xvzf splunkforwarder.tgz

To install into /opt/splunkforwarder, execute: 

tar xvzf splunkforwarder.tgz -C /opt

After you install

To ensure that the forwarder functions properly on FreeBSD, you must perform some additional activities after installation. This includes setting process and virtual memory limits.

The figures below represent a host with 2GB of physical memory. If your host has less than 2 GB of memory, reduce the values accordingly.

  1. Add the following to /boot/loader.conf 
    kern.maxdsiz="2147483648" # 2GB
kern.dfldsiz="2147483648" # 2GB
machdep.hlt_cpus=0
  2. Add the following to /etc/sysctl.conf: 
    vm.max_proc_mmap=2147483647
  3. Restart FreeBSD for the changes to take effect.


Next steps

Now that you have installed the Splunk universal forwarder, visit the Universal Forwarder manual to:

Last modified on 21 April, 2017
 

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters