Install the Splunk Universal Forwarder for Splunk Cloud with Packer and Terraform via the user data

splunk_universal_forwarder_installation

### Packer

UF_VERSION="6.5.2-67571ef4b87d-linux-2.6-amd64"
UF_SHORT_VERSION="6.5.2"
UF_DOWNLOAD_URL="https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=${UF_SHORT_VERSION}&product=universalforwarder&filename=splunkforwarder-${UF_VERSION}.deb&wget=true"
UF_DEB_PACKAGE="/tmp/splunkforwarder-${UF_VERSION}.deb"
UF_DIRECTORY="/opt/splunkforwarder"
SPLUNK_DIRECTORY="/home/ubuntu/.splunk"

# Download the Universal Forwarder (UF)
wget -O ${UF_DEB_PACKAGE} ${UF_DOWNLOAD_URL}

# Install the UF
dpkg -i ${UF_DEB_PACKAGE}

# Move the configuration files
mv /tmp/splunk/splunkclouduf.spl ${UF_DIRECTORY}/
mv /tmp/splunk/ftp_allforwarder_inputs ${UF_DIRECTORY}/etc/apps/
chown -R splunk:splunk ${UF_DIRECTORY}/

# Start the UF at boot time
${UF_DIRECTORY}/bin/splunk enable boot-start -user splunk --accept-license

# Set the licence
sudo -u splunk ${UF_DIRECTORY}/bin/splunk start
mkdir ${SPLUNK_DIRECTORY}
chown -R splunk:splunk ${SPLUNK_DIRECTORY}
sudo -u splunk ${UF_DIRECTORY}/bin/splunk install app ${UF_DIRECTORY}/splunkclouduf.spl -auth admin:changeme
sudo -u splunk ${UF_DIRECTORY}/bin/splunk stop

### Terraform

SPLUNK_DIR="/opt/splunkforwarder"
# Customize the index names with the ENV
sudo -u splunk sed -i.bak "s#__ENV__#$${ENV}#" "${SPLUNK_DIR}/etc/apps/ftp_allforwarder_inputs/local/inputs.conf"
# Restart the splunk agent
sudo -u splunk ${SPLUNK_DIR}/bin/splunk restart