Introducing the Splunk Universal Forwarder for Raspberry Pi!

So I’d like to introduce you to a new piece of technology we have released this week, the Splunk Universal Forwarder for Linux ARM (Raspberry Pi). Tested for deployment on Raspberry Pi, this version of the forwarder is designed to allow end users to capture data on embedded, low-power, ARM-based devices and forward that data to Splunk Enterprise, Cloud, Storm, or Free instances. You can download the release, for free, right now at

I’ve got to assume that this forwarder will be a first introduction to Splunk for many in the Raspberry Pi community, so let me briefly tell you a bit about Splunk, its purpose, its architecture, and how to get started. I’ll also link you to the necessary documentation. If all goes well, you should be up, searching, analyzing and building dashboards with data from your Pis in less than a few hours.

First, Splunk’s mission is to make machine data accessible, usable and valuable to everyone. We feel strongly that “everyone” should include the maker community as well. You all are building tomorrow’s technology today, and I hope being able to take advantage of Splunk’s innovative analytics technology, search language, and dashboards will greatly accelerate and enhance your Raspberry Pi-based projects.

Splunk can run as a standalone instance, but one of its most powerful and flexible features is its capability to receive large volumes of data from many distributed Splunk “Forwarders”. These Universal Forwarders are designed to be extremely lightweight Splunk instances whose primary purpose is to take any data from the local machine and forward it to a Splunk index on another machine. They can be deployed in the thousands, all reporting data in near real-time back to a single Splunk indexer. They can be mass-configured as well, and configuration of data inputs can be centrally managed. A Universal Forwarder is a perfect piece of technology for smaller computing systems like the Raspberry Pi, as it can take any data from the Pi’s local logs, local scripts, and attached sensors and shields and send it quickly over the network to another instance of Splunk. For more on Splunk’s capability as a distributed data platform, please check out

For documentation on installing a Universal Forwarder, please see The installation information for *nix should work just fine. Please don’t forget to set Splunk to run on boot: For a basic introduction to Splunk, take a look at our general documentation. And remember, Splunk is always available as a free download from

Hope you enjoy, and please let me know of any cool projects you are doing with Pi and Splunk. I’d love to highlight a few right here in this blog!

As always, please feel free to contact me via email at, on LinkedIn at or on Twitter at @BrianMGilmore.

Brian Gilmore

Brian currently focuses on inspiring and enabling Splunk’s partners and 18,000+ worldwide customers to use the data from connected devices and assets to improve availability, performance and security in their businesses. With a career path that has spanned music, hospital administration, marine biology, and industrial automation, he's really happy he hasn't run out of industries who want to use data more effectively to improve both business outcomes and the human condition.