6262# 20250115 change sha check to warning if custom build used (because hardcoded sha wont match)
6363# 20250115 add choice to only do setup (in case installation already done but setup failed)
6464
65- VERSION=" 20250115c "
65+ VERSION=" 20250115d "
6666
6767SCRIPTNAME=" installes"
6868
487487
488488
489489# ############################### START INSTALL HERE #########################################
490- if [ " ${PROCEEDSKIPINSTALL} " -eq " N" ; then
490+ if [ " ${PROCEEDSKIPINSTALL} " == " N" ; then
491491 echo_log " INFO: install/updating ES app from ${ESAPPFULL} with splunk install located in ${SPLUNK_HOME} "
492492
493493 # timeout not supported here
@@ -496,39 +496,37 @@ if [ "${PROCEEDSKIPINSTALL}" -eq "N" ]; then
496496 # ${SPLUNK_HOME}/bin/splunk install app ${ESAPPFULL} -update true -auth admin:${PASSWORD}
497497 # App 'xxxxxx/yyyyyy/splunk-enterprise-security_472.spl' installed
498498 # You need to restart the Splunk Server (splunkd) for your changes to take effect.
499- else
500- echo_log " installation skipped at user request"
501- fi
502499
503- # ES Content update
504- if [[ " ${INSTALLCONTENTUPDATE} " -eq 1 ]]; then
505- if [[ " ${SHC} " -eq 0 ]]; then
506- echo_log " INFO: install/updating ES content update app from ${CONTENTUPDATE} with splunk install located in ${SPLUNK_HOME} "
507- ${SPLUNK_HOME} /bin/splunk install app ${CONTENTUPDATE} -update true
508- else
509- echo " INFO: deployer mode, extracting ES Content Update app to shcluster app instead"
510- tar -C" ${SPLUNK_HOME} /etc/shcluster/apps/" ${CONTENTUPDATE}
500+ # ES Content update
501+ if [[ " ${INSTALLCONTENTUPDATE} " -eq 1 ]]; then
502+ if [[ " ${SHC} " -eq 0 ]]; then
503+ echo_log " INFO: install/updating ES content update app from ${CONTENTUPDATE} with splunk install located in ${SPLUNK_HOME} "
504+ ${SPLUNK_HOME} /bin/splunk install app ${CONTENTUPDATE} -update true
505+ else
506+ echo " INFO: deployer mode, extracting ES Content Update app to shcluster app instead"
507+ tar -C" ${SPLUNK_HOME} /etc/shcluster/apps/" ${CONTENTUPDATE}
508+ fi
511509 fi
512- fi
513510
514- if [[ $INSTALLWITHSETUP = " yes" ; then
515- echo_log " INFO: install with setup option set, continuing with setup after install."
516- sleep 5
511+ if [[ $INSTALLWITHSETUP = " yes" ; then
512+ echo_log " INFO: install with setup option set, continuing with setup after install."
513+ sleep 5
514+ else
515+ echo_log " OK: install ES done. Restarting splunk in 5s"
516+ sleep 5
517+
518+ echo_log " INFO: restarting splunk (ignore warning there, we haven't yet done ES setup)"
519+ echo_log " INFO: if you get prompted here by systemctl, you havent configured polkit properly , please fix this before running this script"
520+ ${SPLUNK_HOME} /bin/splunk restart
521+
522+ echo_log " INFO: waiting 5s after restart"
523+ sleep 5
524+ fi
517525else
518- echo_log " OK: install ES done. Restarting splunk in 5s"
519- sleep 5
520-
521- echo_log " INFO: restarting splunk (ignore warning there, we haven't yet done ES setup)"
522- echo_log " INFO: if you get prompted here by systemctl, you havent configured polkit properly , please fix this before running this script"
523- ${SPLUNK_HOME} /bin/splunk restart
524-
525- echo_log " INFO: waiting 5s after restart"
526- sleep 5
527-
528- ${SPLUNK_HOME} /bin/splunk login -auth $SPLADMIN :$SPLPASS
526+ echo_log " installation step skipped at user request"
529527fi
530528
531-
529+ ${SPLUNK_HOME} /bin/splunk login -auth $SPLADMIN : $SPLPASS
532530
533531# debug flags in case TCPOutloop crash with 8.2.x
534532
0 commit comments