The Old Service
In the old days, a Splunk administrator could use a URL with a query string and download a Splunk Enterprise or Universal Forwarder (UF) package of the desired version, based on the architecture, platform, and package manager in use. For example, this would download the latest version of the UF for a Fedora-like Linux computer running on 64-bit AMD/Intel:
wget -O splunkforwarder.rpm "https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=latest&product=universalforwarder&filename=rpm&wget=true"This made it possible to automate Splunk software updates using scripts that could form this query to select the appropriate package based on the environment. It made maintenance a little easier. Splunk warned us not to depend on this because it might change (I don’t have a reference to where I read this years ago) and ultimately, they broke it. My universal installation scripts no longer ran.
The new download URLs are fine, but you need to know the actual filenames to download anything. The new URLs are not useful for automation.
A New Service
I got around to writing an alternative service to replace the old query method that is in beta today (2022-12).
The syntax of the service is close but not identical to the original. Here is an example that would do the same thing as the example above:
wget -O splunkforwarder.rpm "https://splunkpkg.frankwayne.com/download?architecture=x86_64&platform=linux&version=latest&product=universalforwarder&filename=rpm"(Note that the wget parameter is not required or supported.)
Hitting this URL will result in a 307 redirect to the official package link on Splunk’s site, which will download the package either with wget or in a browser.
There are also a couple of new features. Instead of returning a redirect, the service can also return the Splunk URL (use the argument return=text). You can also get the message digest of the package file, either MD5 or SHA512, directly from Splunk instead of the actual package (use digest=md5 or digest=sha512).
For a list of all the parameters and functionality, see https://splunkpkg.frankwayne.com/help.
Feedback
If you use the service, let me know if you run into any difficulties or find any bugs. I will have to manually update the help page if Splunk adds any new platforms or architectures, so let me know if you notice anything missing.