Skip to content

Instantly share code, notes, and snippets.

@ThinGuy

ThinGuy/download_splunk.sh

Last active December 2, 2024 21:41
Show Gist options
  • Save ThinGuy/ee76f181151047267cdb38b7e1c1f1e3 to your computer and use it in GitHub Desktop.
Save ThinGuy/ee76f181151047267cdb38b7e1c1f1e3 to your computer and use it in GitHub Desktop.
Download ZIP
Download latest Splunk Platform and Universal Forwarder files without having to login
Raw
download_splunk.sh
#TODO: Create exclude args for platforms
download-splunk() {
# Where to store the platform and forwarder packages
local SPLUNK_BIN_DIR=/srv/splunk-platform
local SPLUNK_UF_DIR=/srv/splunk-uf
[[ -d ${SPLUNK_BIN_DIR} ]] || mkdir -p ${SPLUNK_BIN_DIR}
[[ -d ${SPLUNK_UF_DIR} ]] || mkdir -p ${SPLUNK_UF_DIR}
#Array of Splunk URLS
local -a SPLUNK_ENTERPRISE_URLS=($(curl -sSlL https://www.splunk.com/en_us/download/get-started-with-your-free-trial.html|grep -oP '(?<=data-link=")[^"]+'))
local -a SPLUNK_LIGHT_URLS=($(curl -sSlL https://www.splunk.com/en_us/download/splunk-light.html|grep -oP '(?<=data-link=")[^"]+'))
local -a SPLUNK_UF_URLS=($(curl -sSlL https://www.splunk.com/en_us/download/universal-forwarder.html|grep -oP '(?<=data-link=")[^"]+'))
#Get latest splunk version and build from first array element's filename
local SPLUNK_VERSION=$(echo ${SPLUNK_ENTERPRISE_URLS[0]##*/}|awk -F- '{print $2}')
local SPLUNK_BUILD=$(echo ${SPLUNK_ENTERPRISE_URLS[0]##*/}|awk -F- '{print $3}')
#Download Splunk Platforms
printf "\n\e[1mFetch Latest Splunk Platform and Universal Forwarders (${SPLUNK_VERSION}-${SPLUNK_BUILD}) \e[0m\n\n"
for BIN_URL in ${SPLUNK_ENTERPRISE_URLS[@]} ${SPLUNK_LIGHT_URLS[@]} ${SPLUNK_UF_URLS[@]};do
local OK='\u00A0\e[38;2;0;255;0m\u2713\e[0m\u00A0\n'
local FAILED='\u00A0\e[38;2;255;0;0m\u2718\u00A0\n'
local FILENAME="${BIN_URL##*/}"
local EXT=${FILENAME##*.}
[[ $EXT = Z ]] && local EXT=$(echo ${FILENAME}|awk -F. '{print $(NF-1)"."$NF}')
local PRODUCT=$(echo ${FILENAME}|awk -F- '{print $1}')
local PLATFORM=$(grep -oP '(?<=/'${VERSION}'/)[^/]+' <<< ${BIN_URL// /})
[[ ${PLATFORM} = "osx" ]] && local PLATFORM="MacOS"
[[ ${PLATFORM} = "aix" ]] && local PLATFORM="AIX"
local ARCH=$(echo ${FILENAME%.*}|sed -E 's/-release|-.inux|\.pkg|\.tar//g;s/intel/x64/g'|awk -F- '{print $NF}')
[[ $ARCH = "64" ]] && local ARCH="x64"
[[ ${PRODUCT} = "splunk" ]] && local SDIR=${SPLUNK_BIN_DIR} PRODUCT="Splunk Enterprise"
[[ ${PRODUCT} = "splunklight" ]] && local SDIR=${SPLUNK_BIN_DIR} PRODUCT="Splunk Light"
[[ ${PRODUCT} = "splunkforwarder" ]] && local SDIR=${SPLUNK_UF_DIR} PRODUCT="Universal Forwarder"
printf "\e[4GDownloading ${PRODUCT} for ${PLATFORM^} (${ARCH}) (${EXT}) to ${SDIR}/${FILENAME}"
wget -qO ${SDIR}/${FILENAME} ${BIN_URL}
[[ $? -eq 0 ]] && printf "\e[1G${OK}" || printf "\e[1G${FAILED}"
done
echo
}
@stalker-ai
Copy link

3: Syntax error: Bad function name

@sensodalin
Copy link

The script is not working 08-May-24.
image

@ThinGuy
Copy link
Author

ThinGuy commented May 13, 2024

Sorry folks, this was a quick function that worked 4 years ago. Splunk changes their URLs.

@crudalex
Copy link

is there a way to fix this? the regex '(?<=data-link=")[^"]+' no longer matches anything.

@lindonm
Copy link

lindonm commented Sep 30, 2024

This isn't the whole script as I only have a very specific use case, it's working for me - You might be able to adapt?

SPLUNK_UF_URL=$(curl -sSlL https://www.splunk.com/en_us/download/universal-forwarder.html|grep -oP '(?<=data-link=")(https://download.splunk.com/products/universalforwarder/releases/.?/linux/splunkforwarder..x86_64.rpm)(?=")')
curl --location -o splunkforwarder.rpm "$SPLUNK_UF_URL"

@K-Yo
Copy link

K-Yo commented Dec 2, 2024

Hello, I’ve created another script, inspiring myself from this one.

You can find it here: https://gist.github.com/K-Yo/0d0aaa9c4c6b4d0ad88867a86b4b3963

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment