Install the universal forwarder on macOS (single machine)

The universal forwarder is available for macOS as a tar file or a DMG package.

Install the universal forwarder from a .dmg file

To manually install the Splunk Universal Forwarder on a single macOS machine using the disk image (.dmg) installer, take the following steps:

  1. In the folder containing the installer, double-click the downloaded .dmg file to mount it.

    A Finder window that contains the splunkforwarder.pkg opens.

  2. Double-click the Install Splunk Universal Forwarder icon to start the installer.
  3. In the Introduction panel that lists version and copyright information, click Continue.
  4. In the License panel, review and accept the software license agreement, then click Continue.
  5. In the Installation Type panel, click Install.

    This installs the universal forwarder in the default directory /Applications/SplunkForwarder.

  6. Enter your macOS administrator password.
  7. When prompted, create a username and password.

    Note: The password must be at least eight characters in length. The cursor will not advance as you type.
    Make note of your username and password. You will use these credentials to authenticate when using CLI commands on the forwarder.
  8. After the installation completes, select Start Splunk.

  9. Click Close to exit the installer window.

Install from a tar file (.tgz package) using Terminal

Use the Terminal application to complete the following steps and install the universal forwarder on a single macOS machine:

  1. Extract the universal forwarder package to the /opt directory by running the following commands:

    cd /opt
    sudo tar xzf ~/Downloads/splunkforwarder-<version>-darwin-universal2.tgz

  2. Start the universal forwarder and accept the license agreement:

    sudo /opt/splunkforwarder/bin/splunk start --accept-license

  3. Configure the universal forwarder to start automatically at boot:

    sudo /opt/splunkforwarder/bin/splunk enable boot-start
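
A pre-extraction check for the tar procedure above, as an added example that is not part of the original page or Splunk's own tooling: it lists the archive and refuses to unpack it as root if any member name is absolute, contains `..`, or falls outside `splunkforwarder/`. The function names are hypothetical, and `-C /opt` stands in for the `cd /opt` step.

```shell
#!/bin/sh
# Added example: vet a forwarder tarball's member names before extracting as root.
# Function names are hypothetical; paths and splunk commands follow the steps above.

# Read member names (one per line) on stdin. Fail if any name is absolute,
# has a ".." component, or sits outside splunkforwarder/. Names only:
# symlink targets inside the archive are not inspected.
check_members() {
    count=0
    while IFS= read -r member; do
        count=$((count + 1))
        member=${member#./}          # some tar builds prefix names with "./"
        case "$member" in
            /*|..|../*|*/..|*/../*)
                echo "unsafe path: $member" >&2; return 1 ;;
        esac
        case "$member" in
            splunkforwarder|splunkforwarder/*) ;;
            *) echo "unexpected entry: $member" >&2; return 1 ;;
        esac
    done
    [ "$count" -gt 0 ]               # an empty listing is also a failure
}

# List the archive without extracting it, then vet the listing.
verify_tarball() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    listing=$(tar tzf "$1" 2>/dev/null) || { echo "not a readable .tgz: $1" >&2; return 1; }
    printf '%s\n' "$listing" | check_members
}

# Steps 1-3 above, gated on the check. -C /opt replaces the "cd /opt" step.
install_forwarder() {
    verify_tarball "$1" || return 1
    sudo tar xzf "$1" -C /opt &&
    sudo /opt/splunkforwarder/bin/splunk start --accept-license &&
    sudo /opt/splunkforwarder/bin/splunk enable boot-start
}

# Install only when a tarball path is given as the first argument.
if [ -n "${1:-}" ]; then
    install_forwarder "$1"
fi
```

Run it with the downloaded .tgz path as its only argument; with no argument it defines the functions and does nothing else.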