Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Set universal forwarder destination after startup

dadi
Path Finder
‎03-21-2012 04:00 AM

Hi,

I install Splunk Universal Forwarder on a Windows server 2008. The Splunk-Server IP is known only after startup. So i want to set the destination only after windows start, and i want to do it from non-administrator account.
I was able to do it from administrator account (run splunk, set forward-server, restart). But i cant do it from non-administrator account.

Any idea how to do it?

thanks,

Doron

Tags (1)
0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-21-2012 04:43 AM

Could you not use the DNS name? /K

Reply

MarioM
Motivator
‎03-21-2012 04:14 AM

you can create/edit outputs.conf in splunk/etc/system/local,as per example:

[tcpout]

## outputs.conf additions
disabled=false
defaultGroup=indexCluster

## For load balanced Splunk Forwarding (enabled by default)
[tcpout:indexCluster]
server=1.1.1.1:9997,2.2.2.2:9997,3.3.3.3:9997
autoLB = true

## For non load balanced lightweight Splunk Forwarding (disabled by default)
#[tcpout:indexCluster]
#server=1.1.1.1:9997
0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-21-2012 05:12 AM

I assume that you are doing this in some sort of test environment, which is fine - but it is probably NOT a good idea to have your Splunk Indexer(s) on DHCP when moving into production.

0 Karma
Reply

MarioM
Motivator
‎03-21-2012 05:04 AM

unfortunately there is no magic without admin rights but as Kristian.kolb mentionned you should use DNS name which you can update with the proper ip

0 Karma
Reply

kristian_kolb
Ultra Champion
‎03-21-2012 04:59 AM

That would require a restart of the splunkd service.

0 Karma
Reply

dadi
Path Finder
‎03-21-2012 04:50 AM

thanks. i did that, but than i need to restart the service (right?), and this can't be done without administrator privilages.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...