Upgrade splunk forwarder on linux machines

Iamabeginner · July 15, 2024, 5:38pm

I have created the linux script and named it “.sh”
on bigfix I added the file and created a fixlet
in the action script I wrote

wait chmod +x __Download\upgrade_splunk.sh
move __Download\upgrade_splunk.sh /opt/upgrade_splunk.sh
wait /bin/sh /opt/upgrade_splunk.sh

is this the correct way to execute in bigfix.
I ran the script in the debugger and it gave me a thread execution error for line 1

JasonWalker · July 15, 2024, 5:59pm

Linux machines use forwardslash ( / ) as the directory separator, so you’ll need to at least modify your commands to match. Try

wait chmod +x __Download/upgrade_splunk.sh
delete /opt/upgrade_splunk.sh
move __Download/upgrade_splunk.sh /opt/upgrade_splunk.sh
wait /bin/sh /opt/upgrade_splunk.sh

edit: the ‘move’ command will fail if the target already exists, modified the script to correct that.

Iamabeginner · July 16, 2024, 9:52pm

It ran through it and status completed but got an exit code (18)

orbiton · July 17, 2024, 2:59am

You need to look into the script itself. Maybe logging errors and output to a different file to understand where it is failing.

If you can provide the script content itself we can try an help

RichCampbell · July 17, 2024, 8:08pm

Here is our BigFIx Action Script to update Splunk on RHEL. Using the action script will help narrow down which part is failing when looking at the Show Action Info.

----- Begin

//Install Splunk Forwarder on RHEL

//Grab installer and configuration files

prefetch splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm sha1:99294ccac7199d75788f46562f1e0f13a227cb73 size:47609600 https://hostname/splunk/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm

// Good housekeeping

delete “/tmp/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm”

// Move the downloaded RPM to TMP directory

move “__Download/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm” “/tmp/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm”

// Update RPM permissions

wait sudo su - root -c “chmod 744 /tmp/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm”

parameter “__ExitCode01” = “{if exist exit code of action then exit code of action as string else “999”}”

if {parameter “__ExitCode01” != “0”}

exit {parameter “__ExitCode01”}

endif

// Execute RPM install command for Splunk agent

wait sudo su - root -c “rpm -U /tmp/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm”

parameter “__ExitCode02” = “{if exist exit code of action then exit code of action as string else “998”}”

if {parameter “__ExitCode02” != “0”}

exit {parameter “__ExitCode02”}

endif

// Run as splunk user

wait sudo su - root -c “/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes”

// Good housekeeping

delete “/tmp/splunkforwarder-9.1.4-a414fc70250e.x86_64.rpm”