I'm having several issues after installing Splunk Forwarder on Any Win10 Device. (Win 10, Win Server 2012,2016).
I'm using the following line:
msiexec.exe /i splunkforwarder-7.3.4.msi FORWARD_SERVER="ADDserver:9991" WINEVENTLOG_SEC_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 SPLUNKPASSWORD=*Password* /L*v logfile.txt LAUNCHSPLUNK=1 SERVICESTARTTYPE=auto AGREETOLICENSE=yes /quiet
The App gets installed and but no Logs packages are sent to the Server, The netstat command doesn't show me any: 9991 port connection.
I've done the confirmation using "sc query SplunkForwarder" and the service is running, but again no log gets to be sent to my Splunk Console (Server).
Help please, I'll provide any information you want to know. Or that I'm missing
assuming you ran the
netstat on the nix indexer to check port
9991 - that might sound like a networking/routing/firewall issue.
Here is also a good troubleshooting guide https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Cantfinddata if it's not related to connectivity.
Hope this helps ...
how can I confirm its a Firewall issue?, Cause all of my infrastructure its connected to LAN.
Login to one server that runs the universal forwarder and run a
telnet ADDserver 9991 and see if you get a connection established or a timeout.
The property to set to specify an indexer for the UF is
FORWARD_SERVER. Please see here: https://docs.splunk.com/Documentation/Forwarder/7.3.4/Forwarder/InstallaWindowsuniversalforwarderfro...