Getting Data In

Splunkd failed to start after Enable APP "Universal Forwarder"

iorp01
Engager

Hi there,

I'm running Splunk in a test environment and I'm just trying to deploy the universal forwarder to some other W2K8 servers. To do this, I wanted to enable the app in the Splunk web interface. After doing that, the Splunk service on the server has to be manually restarted. When I try to do this, the service starts up, but after 5 seconds the service goes into the stopped state again. Only when I manually edit the app.conf to state = disabled does the service start again. But of course the app is disabled then. I don't know what I'm doing wrong. Does anyone know what to do?

The only error message I get is in the Event Log:

Faulting application name: splunkd.exe, version: 0.0.0.0, time stamp: 0x4d7a0138
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfe0
Exception code: 0xeeab5254
Fault offset: 0x000000000000aa7d
Faulting process id: 0x934
Faulting application start time: 0x01cbf816567f4172
Faulting application path: C:\Program Files\Splunk\bin\splunkd.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 9c94e584-6409-11e0-b367-005056bf0053

Thanks in advance, Pascal

ftk
Motivator

Instead of installing a regular Splunk instance and then enabling an app (as you would do with the lightweight forwarder), you must deploy the Universal Forwarder using a separate installer, available here: http://www.splunk.com/download/universalforwarder

Here is the relevant documentation for installing the UF on Windows: http://www.splunk.com/base/Documentation/latest/Deploy/DeployaWindowsdfmanually
