Download latest Splunk Platform and Universal Forwarder files without having to login

download_splunk.sh

#TODO: Create exclude args for platforms

download-splunk() {

# Where to store the platform and forwarder packages
local SPLUNK_BIN_DIR=/srv/splunk-platform
local SPLUNK_UF_DIR=/srv/splunk-uf
[[ -d ${SPLUNK_BIN_DIR} ]] || mkdir -p ${SPLUNK_BIN_DIR}
[[ -d ${SPLUNK_UF_DIR} ]] || mkdir -p ${SPLUNK_UF_DIR}


#Array of Splunk URLS
local -a SPLUNK_ENTERPRISE_URLS=($(curl -sSlL https://www.splunk.com/en_us/download/get-started-with-your-free-trial.html|grep -oP '(?<=data-link=")[^"]+'))
local -a SPLUNK_LIGHT_URLS=($(curl -sSlL https://www.splunk.com/en_us/download/splunk-light.html|grep -oP '(?<=data-link=")[^"]+'))
local -a SPLUNK_UF_URLS=($(curl -sSlL https://www.splunk.com/en_us/download/universal-forwarder.html|grep -oP '(?<=data-link=")[^"]+'))

#Get latest splunk version and build from first array element's filename
local SPLUNK_VERSION=$(echo ${SPLUNK_ENTERPRISE_URLS[0]##*/}|awk -F- '{print $2}')
local SPLUNK_BUILD=$(echo ${SPLUNK_ENTERPRISE_URLS[0]##*/}|awk -F- '{print $3}')


#Download Splunk Platforms

printf "\n\e[1mFetch Latest Splunk Platform and Universal Forwarders (${SPLUNK_VERSION}-${SPLUNK_BUILD}) \e[0m\n\n" 

for BIN_URL in ${SPLUNK_ENTERPRISE_URLS[@]} ${SPLUNK_LIGHT_URLS[@]} ${SPLUNK_UF_URLS[@]};do
	local OK='\u00A0\e[38;2;0;255;0m\u2713\e[0m\u00A0\n'
	local FAILED='\u00A0\e[38;2;255;0;0m\u2718\u00A0\n'
	local FILENAME="${BIN_URL##*/}"
	local EXT=${FILENAME##*.}
	[[ $EXT = Z ]] && local EXT=$(echo ${FILENAME}|awk -F. '{print $(NF-1)"."$NF}')
	local PRODUCT=$(echo ${FILENAME}|awk -F- '{print $1}')
	local PLATFORM=$(grep -oP '(?<=/'${VERSION}'/)[^/]+' <<< ${BIN_URL// /})
	[[ ${PLATFORM} = "osx" ]] && local PLATFORM="MacOS"
	[[ ${PLATFORM} = "aix" ]] && local PLATFORM="AIX"
	local ARCH=$(echo ${FILENAME%.*}|sed -E 's/-release|-.inux|\.pkg|\.tar//g;s/intel/x64/g'|awk -F- '{print $NF}')
	[[ $ARCH = "64" ]] && local ARCH="x64"
	[[ ${PRODUCT} = "splunk" ]] && local SDIR=${SPLUNK_BIN_DIR} PRODUCT="Splunk Enterprise"
	[[ ${PRODUCT} = "splunklight" ]] && local SDIR=${SPLUNK_BIN_DIR} PRODUCT="Splunk Light"
	[[ ${PRODUCT} = "splunkforwarder" ]] && local SDIR=${SPLUNK_UF_DIR} PRODUCT="Universal Forwarder"
	printf "\e[4GDownloading ${PRODUCT} for ${PLATFORM^} (${ARCH}) (${EXT}) to ${SDIR}/${FILENAME}"
	wget -qO ${SDIR}/${FILENAME} ${BIN_URL}
	[[ $? -eq 0 ]] && printf "\e[1G${OK}" ||  printf "\e[1G${FAILED}"
done
echo
}

Hi @ThinGuy, please let me know if this script still relevant? I have a doubt about the splunk links and the search command.

3: Syntax error: Bad function name

The script is not working 08-May-24.

Sorry folks, this was a quick function that worked 4 years ago. Splunk changes their URLs.

is there a way to fix this? the regex '(?<=data-link=")[^"]+' no longer matches anything.

This isn't the whole script as I only have a very specific use case, it's working for me - You might be able to adapt?

SPLUNK_UF_URL=$(curl -sSlL https://www.splunk.com/en_us/download/universal-forwarder.html|grep -oP '(?<=data-link=")(https://download.splunk.com/products/universalforwarder/releases/.?/linux/splunkforwarder..x86_64.rpm)(?=")')
curl --location -o splunkforwarder.rpm "$SPLUNK_UF_URL"

Hello, I’ve created another script, inspiring myself from this one.

You can find it here: https://gist.github.com/K-Yo/0d0aaa9c4c6b4d0ad88867a86b4b3963