Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Unable to remotely restart universal forwarder

adamblock1
Explorer
‎06-18-2015 01:11 PM

I am attempting to restart a universal forwarder which is running on a Windows server. I enter the following: hxxps://server:8089/services/server/control/restart, replacing "server" with the hostname/ip of the server. I am then prompted to enter the admin user/password.

After the credentials are accepted, instead of the forwarder restarting, I receive the following:

<response>
<messages>
<msg type="ERROR">
In handler 'server-control': Invalid request, restart requires POST (handler: server-control, action:restart, eai action: list).
</msg>
</messages>
</response>

Assistance with this would be greatly appreciated.

Thank you.

0 Karma
Reply

ddrillic
Ultra Champion
‎09-26-2016 12:58 PM

The following can help a bit at Restart a UF via CLI / other remote means

0 Karma
Reply

dominiquevocat
SplunkTrust
SplunkTrust
‎09-26-2016 12:10 PM

You might be able to make use of this app: https://splunkbase.splunk.com/app/2775/

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎06-18-2015 01:19 PM

Hi adamblock1,

Well the message is pretty clear, it says restart requires POST and like in the docs http://docs.splunk.com/Documentation/Splunk/6.2.3/RESTREF/RESTsystem#server.2Fcontrol.2Frestart use the provided example and run 

curl -k -u admin:changeme https://localhost:8089/services/server/control/restart -X POST

and it will work. But, I don't know if this is going to work on an UF as well, since the supported remote commands http://docs.splunk.com/Documentation/Splunk/6.2.3/Admin/AccessandusetheCLIonaremoteserver do not include 

Start, stop, restart
Status, version

Maybe you can provide an update if it's working 😉

Hope that helps ...

cheers, MuS

Reply

splunkreal
Motivator
‎10-28-2020 04:01 AM

yes it still works, I think the UF downloads the conf and restarts by itself 🙂

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...