Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Set universal forwarder destination after startup

dadi
Path Finder
‎03-21-2012 04:00 AM

Hi,

I install Splunk Universal Forwarder on a Windows server 2008. The Splunk-Server IP is known only after startup. So i want to set the destination only after windows start, and i want to do it from non-administrator account.
I was able to do it from administrator account (run splunk, set forward-server, restart). But i cant do it from non-administrator account.

Any idea how to do it?

thanks,

Doron

Tags (1)
0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-21-2012 04:43 AM

Could you not use the DNS name? /K

Reply

MarioM
Motivator
‎03-21-2012 04:14 AM

you can create/edit outputs.conf in splunk/etc/system/local,as per example:

[tcpout]

## outputs.conf additions
disabled=false
defaultGroup=indexCluster

## For load balanced Splunk Forwarding (enabled by default)
[tcpout:indexCluster]
server=1.1.1.1:9997,2.2.2.2:9997,3.3.3.3:9997
autoLB = true

## For non load balanced lightweight Splunk Forwarding (disabled by default)
#[tcpout:indexCluster]
#server=1.1.1.1:9997
0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-21-2012 05:12 AM

I assume that you are doing this in some sort of test environment, which is fine - but it is probably NOT a good idea to have your Splunk Indexer(s) on DHCP when moving into production.

0 Karma
Reply

MarioM
Motivator
‎03-21-2012 05:04 AM

unfortunately there is no magic without admin rights but as Kristian.kolb mentionned you should use DNS name which you can update with the proper ip

0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-21-2012 04:59 AM

That would require a restart of the splunkd service.

0 Karma
Reply

dadi
Path Finder
‎03-21-2012 04:50 AM

thanks. i did that, but than i need to restart the service (right?), and this can't be done without administrator privilages.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...