FreeBSD & Splunk: Terminated
Well I’m sad to say that I am terminating my efforts to run Splunk on FreeBSD (for now). Why? For some reason, my home installation of Splunk has stopped recording data delivered over the configured network ports. I presume something has become corrupt, because the connection is made successfully, it is just not recorded in Splunk (according to live tail). I did try to upgrade and discovered 2 thigs.
Firstly, the latest FreeBSD stable edition is 7.2 and Splunk are STILL only offering their application for 6.1. This is to do with the threading issue that has changed between 6 and 7, but 12 months after the OS release they still don’t offer an application for it, meaning we still have to hack the OS a little bit to get the application to work. That’s unsatisfactory vendor support IMO.
Secondly, their upgrade instructions don’t really work for FreeBSD. They suggest simply installing the package over the top of the existing package. FreeBSD doesn’t allow that unless you force it (pkg_install -F). When I tried forcing it, the install terminated silently. I mean, pkg_info doesn’t show that it is installed, starting Splunk reveals it is the old version…it just didn’t install. And there is no error saying why.
So, I can’t upgrade, and a complate reinstall means I have to hack the app to get it working agian. I just can’t be bothered. When I move to virtualization I’ll have a more powerful server and I’ll reinstall the Linux version of Splunk. At least they are supporting the stable kernel on that!