Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Spunkd failed to start after Enable APP "Universal Forwarder"

iorp01
Engager
‎04-11-2011 07:19 AM

Hi there,

I'm running Splunk in a Testenvironment and I'm just trying to deploy the universal forwarder to some other W2K8 Servers. To do this, I wanted to enable the App in the Splunk-Webinterface. After doing that, the Splunk-Service on the Server has to be manually restarted. When I try to do this, the service starts up, but after 5 five seconds the service goes into the stopped-state again. Only when I manually edit the app.conf to state = disabled, the service starts again. But of course the app is disabled then. I don't know what I'm doing wrong. Does anyone know what to do?

The only errormessage I get is in the Eventlog: Faulting application name: splunkd.exe, version: 0.0.0.0, time stamp: 0x4d7a0138 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfe0 Exception code: 0xeeab5254 Fault offset: 0x000000000000aa7d Faulting process id: 0x934 Faulting application start time: 0x01cbf816567f4172 Faulting application path: C:\Program Files\Splunk\bin\splunkd.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 9c94e584-6409-11e0-b367-005056bf0053

Thanks in advance, Pascal

Reply

ftk
Motivator
‎04-11-2011 12:58 PM

Instead of installing a regular Splunk instance and then enabling an app (as you would do with the lightweight forwarder), you must deploy the UniversalForwarder using a separate installer, available here: http://www.splunk.com/download/universalforwarder

Here is the relevant documentation to installing the UF on Windows: http://www.splunk.com/base/Documentation/latest/Deploy/DeployaWindowsdfmanually

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...