How to install a Splunk universal forwarder via co...

email2vamsi · ‎07-07-2016

I am Installing a Splunk universal forwarder using the command line with the following command in "low-privilege" mode.
I want to use a local client account that is created prior to installation.
This command works fine if LOGON_USERNAME="ClientHostName\user_name" or LOGON_USERNAME="domain\user_name".
I cannot use a generic approach like LOGON_USERNAME=".\user_name". This way, it fails to install.
I want to use this generic approach, so that I can run this on a bunch of Windows clients.

msiexec /I splunkforwarder-6.1.9-272667-x64-release.msi /qn ALLUSERS=1 REBOOT=ReallySuppress DEPLOYMENT_SERVER="host:8089" /l*v c:\temp\splunk_install.log LOGON_USERNAME="ClientHostName\user_name" LOGON_PASSWORD="password" AGREETOLICENSE=Yes SET_ADMIN_USER=0 /quiet

muebel · ‎07-07-2016

Hi email2vamsi, you can utilize shell variable to include the hostname in the command, i.e.

#batch %computername%
msiexec /I splunkforwarder-6.1.9-272667-x64-release.msi /qn ALLUSERS=1 REBOOT=ReallySuppress DEPLOYMENT_SERVER="host:8089" /l*v c:\temp\splunk_install.log LOGON_USERNAME="%computername%\user_name" LOGON_PASSWORD="password" AGREETOLICENSE=Yes SET_ADMIN_USER=0 /quiet

#powershell $env:computername
msiexec /I splunkforwarder-6.1.9-272667-x64-release.msi /qn ALLUSERS=1 REBOOT=ReallySuppress DEPLOYMENT_SERVER="host:8089" /l*v c:\temp\splunk_install.log LOGON_USERNAME="$env:computername\user_name" LOGON_PASSWORD="password" AGREETOLICENSE=Yes SET_ADMIN_USER=0 /quiet

Please let me know if this answers your question! 😄

How to install a Splunk universal forwarder via command line in low-privilege mode?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?