Hello,
I am trying to create a golden image of Windows 2008r2 with a Splunk forwarder on it. I tried running the command SplunkUniversalForwarder\bin\splunk cone-prep-clear-config, but I got an error stating cone-prep-clear-config is not a valid command. I have successfully run this command on Linux. Am I supposed to use some other command for Windows?
Error:
PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe cone-prep-clear-config
Command error: 'cone-prep-clear-config' is not a valid command. Please run 'splunk help' to see the valid commands.
Data forwarding configuration management tools.
Commands:
enable local-index [-parameter <value>] ...
disable local-index [-parameter <value>] ...
display local-index
add [forward-server|search-server] server
remove [forward-server|search-server] server
list [forward-server|search-server]
Objects:
forward-server a Splunk forwarder to forward data to be indexed
search-server a Splunk server to forward searches
local-index a local search index on the Splunk server
dhruva123
Make sure when you install the universal forwarder that you use the command line switch LAUNCHSPLUNK=0. That stops the universal forwarder from starting after the installation is complete; otherwise the splunk.exe clone-prep-clear-config command won't be able to clear all the files.
Make sure this is the last thing you do before you power off the master/golden image for the last time. If you reboot, you will need to stop the universal forwarder service again and rerun the splunk.exe clone-prep-clear-config command again.
Per the docs on integrating a universal forwarder onto a system image, it's
C:\Program Files\SplunkUniversalForwarder\bin> splunk.exe clone-prep-clear-config
You had "cone" instead of "clone". Don't know if that was your actual problem or not, but it could be.
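The sequence described in the answers above (forwarder stopped, then clone-prep-clear-config as the final step before shutdown), as an added PowerShell example that is not part of the original thread. The service name `SplunkForwarder` is an assumption; the install path is the one shown in the question.

```powershell
# Added example: seal a Windows golden image that carries a universal forwarder.
# Assumptions (not from the thread): the service name below.
$ErrorActionPreference = 'Stop'

$SplunkHome  = 'C:\Program Files\SplunkUniversalForwarder'   # path shown in the thread
$SplunkExe   = Join-Path $SplunkHome 'bin\splunk.exe'
$ServiceName = 'SplunkForwarder'                              # assumed service name

function Assert-ForwarderStopped {
    param([string]$Name)
    # The forwarder must not be running while its instance config is cleared.
    $svc = Get-Service -Name $Name
    if ($svc.Status -ne 'Stopped') {
        Write-Host "Stopping $Name (was $($svc.Status))"
        Stop-Service -Name $Name -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }
}

function Invoke-ClonePrep {
    param([string]$Exe)
    if (-not (Test-Path -LiteralPath $Exe)) {
        throw "splunk.exe not found at $Exe"
    }
    # The subcommand is spelled "clone", not "cone".
    & $Exe clone-prep-clear-config
    # Treat a non-zero exit code as a failed prep rather than continuing.
    if ($LASTEXITCODE -ne 0) {
        throw "clone-prep-clear-config exited with code $LASTEXITCODE"
    }
}

Assert-ForwarderStopped -Name $ServiceName
Invoke-ClonePrep -Exe $SplunkExe

# The forwarder must still be stopped when the image is captured; if it
# started again (for example after a reboot), the prep has to be repeated.
if ((Get-Service -Name $ServiceName).Status -ne 'Stopped') {
    throw "$ServiceName is running again; stop it and rerun clone-prep-clear-config"
}
Write-Host 'Forwarder config cleared. Shut down and capture the image now.'
```

Run it from an elevated prompt as the last action on the master image, then power the machine off without rebooting.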