
Sysmon deploy.bat and update.bat files throwing errors

Path Finder

I'm using the deploy.bat and update.bat you packaged with the add-on, but I get errors if I run them from an admin command prompt, but it still appears to work with the install. Any ideas why the errors still occur?

C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-Sysmon-deploy\bin>update.bat
| was unexpected at this time.

then the update:

Fri 07/06/2018-16:43:19.28 The SplunkUniversalForwarder is installed at C:\Program Files\SplunkUniversalForwarder
Fri 07/06/2018-16:43:19.28 Checking for Sysmon
Fri 07/06/2018-16:43:19.28 Sysmon found, checking version
Fri 07/06/2018-16:43:19.28 Sysmon binary is outdated, un-installing
Stopping Sysmon.
Sysmon stopped.
Sysmon removed.
Stopping SysmonDrv..
SysmonDrv stopped.
SysmonDrv removed.
Removing service files.
Fri 07/06/2018-16:43:19.28 Sysmon not found, proceding to install
Fri 07/06/2018-16:43:19.28 Copying the latest config file

0% copied
100% copied 1 file(s) copied.
Fri 07/06/2018-16:43:19.28 Installing Sysmon
Fri 07/06/2018-16:43:19.28 Install failed

0 Karma


Sorry for the late response, but great thanks to @jdhunter for fixing the issue. I'll update the app on SplunkBase right away and incorporate the fix.

0 Karma

Path Finder

I would get the failed result regardless. I had to change the s to uppercase in "Sysmon installed" and that corrected all of the Install Failed messages I was receiving.


echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" /accepteula -i c:\windows\config.xml | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit
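
A variant of the check in the answer above, as an added example that is not part of the original posts or the add-on's own scripts: it matches the installer output case-insensitively with `find /i` and, if that fails, confirms the service through `sc query` so the result does not hinge on the exact wording of the output. It assumes `SPLUNKPATH` is already set as in the posted line, keeps the placeholder folder `your_sysmon_app`, takes the service name `Sysmon` from the log above, and uses a hypothetical log path under `%TEMP%`.

```bat
@echo off
setlocal
rem Added example, not the add-on's own script.
rem Assumptions: SPLUNKPATH is set by the caller; your_sysmon_app is a
rem placeholder folder name; the service is named Sysmon, as in the log above;
rem INSTALL_LOG is a hypothetical location chosen for this example.
set "SYSMON_EXE=%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe"
set "SYSMON_CFG=c:\windows\config.xml"
set "INSTALL_LOG=%TEMP%\sysmon_install.log"

echo %DATE%-%TIME% Installing Sysmon
rem Keep the installer output so a failure can be diagnosed afterwards.
"%SYSMON_EXE%" /accepteula -i "%SYSMON_CFG%" > "%INSTALL_LOG%" 2>&1

rem find is case-sensitive unless /i is given, so "sysmon installed" and
rem "Sysmon installed" are different strings to it without this switch.
find /i /c "sysmon installed" "%INSTALL_LOG%" >nul
if not errorlevel 1 goto :installed

rem Fallback that does not depend on the wording of the output:
rem ask the service control manager whether the service is running.
sc query Sysmon | find /i "RUNNING" >nul
if not errorlevel 1 goto :installed

echo %DATE%-%TIME% Install failed, installer output follows:
type "%INSTALL_LOG%"
exit /b 1

:installed
echo %DATE%-%TIME% Install complete!
exit /b 0
```

A false "Install failed" on a forwarder can hide the fact that Sysmon telemetry is actually flowing, and a false success hides a gap in coverage, so checking the service state is the more reliable signal for deployment monitoring.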
