All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Microsoft Windows: Failed to install app

MedralaG
Communicator
‎12-08-2017 06:31 AM

I can see the following error appearing every minute or one of the hosts with a UF installed.
I have tried removing the app on the UF and restarting it, the app gets re deployed by the DS but its still says it's failing the installation.
The same app is deployed to over 600 hosts and only fails on 3. 

12-08-2017 14:20:48.524 +0000 WARN  DeployedApplication - app=Splunk_TA_windows was already installed via search head cluster deployer, UI, CLI, or REST API; it may not be overridden via deployment server; remove existing app=Splunk_TA_windows via search head cluster deployer, UI, CLI, or REST API if you wish to install it via deployment server host =   XXXXXXXXXX source =           C:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd.log sourcetype =            splunkd
0 Karma
Reply

htidore
Path Finder
‎12-09-2017 01:05 AM

Just by reading the error message, it seems that your UF may also be pointing to a Deployer. Check the forward-server list of the UF.

0 Karma
Reply

MedralaG
Communicator
‎12-11-2017 02:43 AM

We don't have a Deployer in that environment.
What do you mean by the firward-server list?
As in the list of servers in the outputs.conf?

0 Karma
Reply

htidore
Path Finder
‎12-11-2017 05:26 PM

Take a look at this thread.
https://answers.splunk.com/answers/319215/after-upgrading-windows-forwarders-from-splunk-611.html

If the UF is newly upgraded, it could be the case of manual upgrade includes auto creation of TA_windows.

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...