Getting Data In

Can you uninstall the universal forwarder from a script?

juniormint
Communicator

Sorry for the noob questions, but I am a Linux guy only recently forced back into the world of Windows.

What options there are for uninstall of the universal forwarder on windows?

I know you can do it via Add/Remove programs and if you happen to have the msi file then you can do it via the command line.

Is there another route to do it via command line (ie scriptable) which does not need the msi?

Do I need the original msi? or would a 5.0.3 msi work to trigger uninstall of a 5.0.0 UF?

0 Karma

antlefebvre
Communicator

On a computer with the Universal Forwarder installed.

Click start->Run->regedit

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Edit->Find then enter splunk

In that key you will see the UninstallString. Double click and copy that value.

Click start->Run-> cmd

at cli right click and paste that value. add /qn at the end of that string to silently uninstall.

Ex. for ver 5.0.2.149561 Win7

MsiExec.exe /X{73B67D46-99DB-40C8-9E76-9F870C519257} /qn

If you want to push this remotely there are many ways. I like psexec. Google pstools to download. Example installer below. You could modify for the uninstaller. Running this in a bat file or from cli will open a new cmd prompt to uninstall. Let it finish with an exit code before closing.

start cmd /k psexec \\#ipadd# -u "domain\domainadmin" -p "password" msiexec.exe /i "\\server\SplunkForwarder\splunkforwarder-5.0.2-149561-x86-release.msi" RECEIVING_INDEXER="splunkserver:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_FWD_ENABLE=1 WINEVENTLOG_SET_ENABLE=1 AGREETOLICENSE=Yes /quiet

adrianathome
Communicator

http://technet.microsoft.com/en-us/library/cc759262(v=ws.10).aspx#BKMK_Uninstall

I haven't done it myself. Google keywords: msiexec uninstall.

0 Karma

linu1988
Champion

Hello,
You can directly migrate to newer version without uninstalling the forwarder.

Below link will help you do it with the help of scripts:
http://docs.splunk.com/Documentation/Splunk/5.0.3/Deploy/MigrateaWindowsforwarder
http://docs.splunk.com/Documentation/Splunk/5.0.3/Deploy/DeployaWindowsdfviathecommandline

Hope it will help!!!

0 Karma

juniormint
Communicator

Not really answers to my question, but good information. Thanks

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...