Installing the Forwarder

Forwarders provide reliable, secure data collection from remote sources and forward that data into Splunk. They can scale to tens of thousands of remote systems, collecting terabytes of data.

 

Note: 
Ohio State currently supports the following versions of forwarders: 9.2.x.

 

Installation

  1. Access the Splunk Forwarder Download page.
  2. Sign in or create a Splunk account. Note: your Splunk account is not connected to your Ohio State account.
  3. Download the forwarder for the operating system the forwarding host will use. The Splunk forwarder is available for Windows, Linux, macOS, FreeBSD, Solaris, and AIX.
  4. Create the directory where you want the forwarder to be installed. This is the deployment directory.
  5. Create the local system user that will be running the universal forwarder installation.

 

Using the GUI

 

Note: 
$SPLUNK_HOME/ is the directory where Splunk is installed, usually /opt/bin/ or Applications.

  1. Double-click the installer and follow the instructions.
  2. Accept the license agreement and click "Install."
  3. After the installation starts, specify the deployment directory.
  4. Windows will automatically enable boot start. Linux will require running the following command to enable start on boot:
    • $SPLUNK_HOME/bin/splunk enable boot-start

Using the Command Line

 

Note: 
$SPLUNK_HOME/ is the directory where Splunk is installed, usually /opt/bin/ or Applications.

 

Note: 
splunkforwarder_package_name will need to be changed based on the download name.

 

Note: 
If you update a forwarder to 9.0.x and want to run queries from the forwarder CLI, please create a local account.

 

Windows:

  1. Navigate to the deployment directory you just created.
  2. Install the forwarder:
    • msiexec.exe /i splunkforwarder_package_name.msi
  3. Start Splunk and accept the license:
    • $SPLUNK_HOME/bin/splunk start --accept-license

*nix:

  1. Navigate to the deployment directory you just created.
  2. Install the forwarder using one of the commands below.
    • TGZ: tar xvzf splunkforwarder_package_name.tgz
    • RPM: rpm -i splunkforwarder_package_name.rpm
    • DEB: dpkg -i splunkforwarder_package_name.deb
  3. Start Splunk and accept the license:
    • $SPLUNK_HOME/bin/splunk start --accept-license
  4. Start Splunk on boot:
    • $SPLUNK_HOME/bin/splunk enable boot-start
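
The *nix TGZ steps above as a single script, with a check that the package is in the supported 9.2.x series and with the forwarder owned and started by the dedicated local user. This is an added example, not Ohio State's or Splunk's own code; the account name splunkfwd, the /opt deployment directory, the package file-name pattern and the Linux useradd/su options are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Linux, TGZ package, run as root.
# Assumed names: account "splunkfwd", deployment directory /opt.
set -eu

SPLUNK_USER="${SPLUNK_USER:-splunkfwd}"     # assumed service account
DEPLOY_DIR="${DEPLOY_DIR:-/opt}"            # assumed deployment directory
SPLUNK_HOME="$DEPLOY_DIR/splunkforwarder"   # directory the TGZ unpacks to
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print commands, 0 = execute

# True only for a package whose file name carries a 9.2.x version.
# Assumes download names of the form splunkforwarder-<version>-<build>-...
is_supported_pkg() {
    case "$(basename "$1")" in
        splunkforwarder-9.2.[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

install_forwarder() {
    pkg="$1"
    if ! is_supported_pkg "$pkg"; then
        echo "refusing $pkg: not a 9.2.x forwarder package" >&2
        return 1
    fi
    run mkdir -p "$DEPLOY_DIR"
    run useradd --system --home-dir "$SPLUNK_HOME" "$SPLUNK_USER"
    run tar xvzf "$pkg" -C "$DEPLOY_DIR"
    # Give the service account ownership so the forwarder need not run as root.
    run chown -R "$SPLUNK_USER:$SPLUNK_USER" "$SPLUNK_HOME"
    # First start as the service account, using the page's start command.
    run su -s /bin/sh "$SPLUNK_USER" -c "$SPLUNK_HOME/bin/splunk start --accept-license"
    # Register boot start (as root) so the service runs as the same account.
    run "$SPLUNK_HOME/bin/splunk" enable boot-start -user "$SPLUNK_USER"
}

if [ "$#" -gt 0 ]; then install_forwarder "$1"; fi
```

Run it first with the default DRY_RUN=1 to review the commands, then as root with DRY_RUN=0.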

 

Configuring the Forwarder

Please see the Getting Data In job aid for details on configuring the Forwarder.

 

Helpful Resources