Getting Data In

Issues with Splunk Windows universal forwarder zip file?

indudhar
Engager

Hi Team,

I am facing issues with Splunk universal forwarder installation-* in windows environment.

when I went through the Splunk.docs I came to know that Splunk universal forwarder on windows environment ZIP file will be provided only by the Splunk team.

Could you please help me on this installation/ZIP file ASAP.

Best Regards,
Indudhar

Labels (1)
0 Karma

verbal_666
Builder

2023, still no zip/7z Forwarder download for Windows Env?
I have a batch script to deploy forwarders on many hosts, and i need to "cook" my forwarder zip file from an installed msi, and it works fine.

Still no download for users with all older versions? 😒

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Let's be honest, the "just files" archive in case of windows forwarder doesn't make much sense. The installer creates a service, sets proper acls and so on. Yes, on unix versions you can do it on your own when installing from tgz but in windows creating a service is more complicated and admins typically don't do it manually. So it's much more "supportable" to have an MSI package and let the user who fancy it prepare the zip on their own than to have a zip laying around and have people download it and then complain that they can't make it start at boot.

0 Karma

verbal_666
Builder

Inside Windows you can manage forwarder as you manage in *nix.
Installing the service is done by splunk binary, just with a "splunk enable boot-start" and the proper Splunk server name in splunk-launch.conf . It's not such difficult 🙄
I have batch scripts that deploy zip files on any machine in network, configure and start it, as i have in *nix env.
So, zip files for Windows are not so unuseful!!! 😒

0 Karma

PickleRick
SplunkTrust
SplunkTrust

OK. Let's just say that there are way more use cases where you could actually - for example - just unpack linux archive and provide own systemd unit files than unpack windows and create a service _without running executables_.  Actually in windows case I simply don't see much point in having a zip. But of course YMMV.

0 Karma

verbal_666
Builder

Ok, try this,

1) you have 1000 Windows servers
2) any server is used/shared by a sub.Team of a Company
(1 Applicative from UK, 1 Security from USA, 1 Sys.Admins from Canada)
3) so Company creates a 3 DS infrastructure which deploy each one its own addon for inputs/scripts
4) any Windows server needs 3 forwarder instances, anyone connected to its own DS (UK/USA/Canada)
5) try to install 3 forwarders, anynone in its own version (7.3 + 8.2 + 9.0) with .msi

Ah... ps.

6) i install my own 3 forwarder intances with their own DS ponting in 5 minutes with my cooked zip... MY COOKED ZIP... since i can't download it from Splunk repo 😴

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Come on, mate.

You're doing a completely unsupported, unrecommended thing - installing several instances of UF on the same host and complain that Splunk doesn't make it easy on you by providing you with a zip archive? Are you pulling my leg?

BTW, on the first glance it looks like you have some issues with processes and try to use technical solution to resolve political problems. But that's definitely not my problem 🙂

0 Karma

verbal_666
Builder

Right, run away, newbie 👍

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Have it your way, I'm not going to argue with you. Want to start calling me names? Please don't. Let's not turn this forum into some social-media group where trolls roam free. I could now start all this "oh, I'm sure more experienced than you" bullfeces but I won't. It makes no sense and doesn't bring any glory to anyone. That was just a friendly hint at what _might_ be wrong with your organization (just "might" because of course I don't have the big picture). Take it or leave it.

And about the main point - you can have your highly unusual and unsupported use case but don't expect splunk to bend over backwards to help you with that. You want to do something "your way", deal with it. Simple as that.

And I will not post a single message more in this thread. So have a nice life.

0 Karma

verbal_666
Builder

Ah, ps, just for your information: you can't install a multiple instance forwarder inside Windows using the .msi setup, since it update the previous or gets an error. Using zip you can install multiple instances (i have hosts with 2 instances by default for 2 both DS, and sometimes also more than 2 without a DS but only with manual deployed TA), as it does with *nix tgz.

0 Karma

verbal_666
Builder

So, why *nix distibutable repo has its own .deb .rpm AND .tgz ?
And why Windows does not? Let's talk about people that actually still think Windows is only a GUI OS? If so, those guys are IT beginners. Windows can be managed by CLI as *nix, and so Splunk!!!
I repeat, i deploy tens of forwarders without having to GUI login in any Windows host. And i cooked my zip by myself, the question is: WHY SPLUNK THINKS I HAVE TO COOK ZIP BY MYSELF? 😑
Said so, i close the question. So much splunk thinks like you 😟

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Firstly, that's in no way Splunk official standing in this subject, it's just my personal opinion.

Secondly, I never said you can't do it without gui. But in order to make it work, you can't just drop in files (as you can with linux; with other unices it's getting even more complicated so I'll not drag them here). You need to run some executables either to run splunk's "enable boot-start" or do some registry manipulation to create service entries. So there is not much use (especially compared to maintaining separate distribution packages). Honestly, I don't see any problem with running the MSI headless, pushing it with GPO or anything like that.

There are many different linux distros and not all use rpm and deb so giving plain tgz makes sense. In case of windows, it's kinda hard to see a production system not having a working Installer.

That's all.

0 Karma

tscroggins
Influencer

What sort of problem are you having? If you don't have access to Splunk support or if the zip installation doesn't work as expected, folks here can help with Windows issues, too.

0 Karma

diogofgm
SplunkTrust
SplunkTrust

If you are referring about this:
https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/InstallaWindowsuniversalforwarderfro...

It states:
"To get the file, you must contact your Support representative who can provide a download link."

Please contact support.
https://docs.splunk.com/Documentation/Splunk/7.3.1/Troubleshooting/ContactSplunkSupport

------------
Hope I was able to help you. If so, some karma would be appreciated.
0 Karma

indudhar
Engager

Hi Team,

I need Universal Forwarder 7.0.4 Version ZIP file.

Could you please help me on this.

Best Regards,
Indudhar

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...