Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Sysmon deploy.bat and update.bat files thowing...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sysmon deploy.bat and update.bat files showing errors?
I'm using the deploy.bat and update.bat you packaged with the add-on but I get errors If I run them from an admin command prompt but it still appears to work with the install . any ideas why the errors still occur?
C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-Sysmon-deploy\bin>update.bat
| was unexpected at this time.
then the update:
Fri 07/06/2018-16:43:19.28 The SplunkUniversalForwarder is installed at C:\Program Files\SplunkUniversalForwarder
Fri 07/06/2018-16:43:19.28 Checking for Sysmon
1
Fri 07/06/2018-16:43:19.28 Sysmon found, checking version
Fri 07/06/2018-16:43:19.28 Sysmon binary is outdated, un-installing
Stopping Sysmon.
Sysmon stopped.
Sysmon removed.
Stopping SysmonDrv..
SysmonDrv stopped.
SysmonDrv removed.
Removing service files.
Fri 07/06/2018-16:43:19.28 Sysmon not found, proceding to install
Fri 07/06/2018-16:43:19.28 Copying the latest config file
0% copied
100% copied 1 file(s) copied.
Fri 07/06/2018-16:43:19.28 Installing Sysmon
Fri 07/06/2018-16:43:19.28 Install failed
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for the late response, but great thanks to @jdhunter for fixing the issue. I'll update the app on SplunkBase right away and incorporate the fix.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would get the failed result regardless. I had to change the s to uppercase in "Sysmon installed" and that corrected all of the Install Failed messages I was receiving.
deploy.bat
echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" /accepteula -i c:\windows\config.xml | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use this command. I hope you'll not face any error and it'll work as you desired.
You need to correct some mistakes causing the error.
/accepteula -> -accepteula
c:\windows\config.xml -> "c:\windows\config.xml"
echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" -accepteula -i "c:\windows\config.xml" | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
