Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk forwarder issue after installation in Windows

briansarmiento
Explorer
‎01-27-2020 12:58 PM

Hi all,

I'm having several issues after installing Splunk Forwarder on Any Win10 Device. (Win 10, Win Server 2012,2016).

I'm using the following line:

msiexec.exe /i splunkforwarder-7.3.4.msi FORWARD_SERVER="ADDserver:9991" WINEVENTLOG_SEC_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 SPLUNKPASSWORD=*Password* /L*v logfile.txt LAUNCHSPLUNK=1 SERVICESTARTTYPE=auto AGREETOLICENSE=yes /quiet

The App gets installed and but no Logs packages are sent to the Server, The netstat command doesn't show me any: 9991 port connection.
I've done the confirmation using "sc query SplunkForwarder" and the service is running, but again no log gets to be sent to my Splunk Console (Server).

Help please, I'll provide any information you want to know. Or that I'm missing

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jhornsby_splunk
Splunk Employee
Splunk Employee
‎01-28-2020 02:49 AM

Hi @briansarmiento,

The property to set to specify an indexer for the UF is RECEIVING_INDEXER, not FORWARD_SERVER. Please see here: https://docs.splunk.com/Documentation/Forwarder/7.3.4/Forwarder/InstallaWindowsuniversalforwarderfro...

Cheers,

- Jo.

View solution in original post

Reply
Solved! Jump to solution
Solution

jhornsby_splunk
Splunk Employee
Splunk Employee
‎01-28-2020 02:49 AM

Hi @briansarmiento,

The property to set to specify an indexer for the UF is RECEIVING_INDEXER, not FORWARD_SERVER. Please see here: https://docs.splunk.com/Documentation/Forwarder/7.3.4/Forwarder/InstallaWindowsuniversalforwarderfro...

Cheers,

- Jo.

Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎01-27-2020 01:31 PM

Hi brainsarmiento,

assuming you ran the netstat on the nix indexer to check port 9991 - that might sound like a networking/routing/firewall issue.
Here is also a good troubleshooting guide https://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Cantfinddata if it's not related to connectivity.

Hope this helps ...

cheers, MuS

Reply
Solved! Jump to solution

briansarmiento
Explorer
‎01-27-2020 02:42 PM

Hi MuS,

how can I confirm its a Firewall issue?, Cause all of my infrastructure its connected to LAN.

0 Karma
Reply
Solved! Jump to solution

MuS
SplunkTrust
SplunkTrust
‎01-27-2020 04:05 PM

Login to one server that runs the universal forwarder and run a telnet ADDserver 9991 and see if you get a connection established or a timeout.

cheers, MuS

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...