Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Universal Forwarder can't be uninstalled by an...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Splunkys,
I installed the Universal Forwarder on 3 different machines in the same domain testwise (all windows 2008 r2). A few days later my collegue tried to uninstall them but he couldn't find the uninstaller in the control center. As I tried to uninstall the software I found the uninstaller in control center -> Programs & ...
Is this normal? Both of us are Serveradmins with exactly the same priviledges (both accounts were created at the same time). There should be a way, that also other server admins could uninstall this piece of software. Otherwise we have to create a special "install software account".
Are there any other facing this problem?
regards
Jan
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've written this batch script, did the trick for me.
Running the command pointed by UninstallString REG_SZ in registry would just show "This action is only valid for products that are currently installed."
So the trick is to rerun the Installer then stop and remove service then grab that UninstallString command and launch it.
If you have 100s of UF to uninstall might become a bit trick so here is the batch script customUFUninstall.bat:
rem First argument is full path to the installer name (must be same used during previous installation)
rem Second argument is full existing installation path (where it is currently installed and needs to be removed)
sc stop SplunkForwarder
sc delete SplunkForwarder
call MsiExec /i %1 AGREETOLICENSE=Yes INSTALLDIR=%2 LAUNCHSPLUNK=0 /quiet
reg query HKLM\Software\Microsoft /t REG_SZ /s /f %2% | findstr InstallProperties > temp.txt
set /p splunkKey=<temp.txt
reg query %splunkKey% /s | findstr UninstallString > temp.txt
for /F "tokens=3,4* delims= " %%i in (temp.txt) do %%i %%j
del temp.txt
echo Uninstall Complete
Istructions:
- Login to the host where the UF is installed using Administrator account
- Create a folder Y:\myscript
- Drop the attached customUFUninstall.bat script in Y:\myscript
- Copy the same binary (e.g. splunkforwarder-4.3.6-153775-x64-release.msi) used to install existing UF forwarder installation to Y:\myscript
- Locate full path to existing installation which has to be removed (e.g. H:\Programs\Splunk\Splunk_Universal_Forwarder_436)
- CD to Y:\myscript and launch the command below:
customUFUninstall.bat
e.g. customUFIUninstall.bat splunkforwarder-4.3.6-153775-x64-release.msi H:\Programs\Splunk\Splunk_Universal_Forwarder_436 - Click 'Yes' or 'OK' at any window.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've written this batch script, did the trick for me.
Running the command pointed by UninstallString REG_SZ in registry would just show "This action is only valid for products that are currently installed."
So the trick is to rerun the Installer then stop and remove service then grab that UninstallString command and launch it.
If you have 100s of UF to uninstall might become a bit trick so here is the batch script customUFUninstall.bat:
rem First argument is full path to the installer name (must be same used during previous installation)
rem Second argument is full existing installation path (where it is currently installed and needs to be removed)
sc stop SplunkForwarder
sc delete SplunkForwarder
call MsiExec /i %1 AGREETOLICENSE=Yes INSTALLDIR=%2 LAUNCHSPLUNK=0 /quiet
reg query HKLM\Software\Microsoft /t REG_SZ /s /f %2% | findstr InstallProperties > temp.txt
set /p splunkKey=<temp.txt
reg query %splunkKey% /s | findstr UninstallString > temp.txt
for /F "tokens=3,4* delims= " %%i in (temp.txt) do %%i %%j
del temp.txt
echo Uninstall Complete
Istructions:
- Login to the host where the UF is installed using Administrator account
- Create a folder Y:\myscript
- Drop the attached customUFUninstall.bat script in Y:\myscript
- Copy the same binary (e.g. splunkforwarder-4.3.6-153775-x64-release.msi) used to install existing UF forwarder installation to Y:\myscript
- Locate full path to existing installation which has to be removed (e.g. H:\Programs\Splunk\Splunk_Universal_Forwarder_436)
- CD to Y:\myscript and launch the command below:
customUFUninstall.bat
e.g. customUFIUninstall.bat splunkforwarder-4.3.6-153775-x64-release.msi H:\Programs\Splunk\Splunk_Universal_Forwarder_436 - Click 'Yes' or 'OK' at any window.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have not seen this on Win2K8 but I have seen it with other apps on older versions of Windows. A few years ago, I had a co-worker tell me he could not remove an app from one of our servers (Win2k) but when I logged onto the server, it was listed. We were in the same domain group and defined as admins on the server. Go figure. We never did figure out why this happened.
Did you check the registry to see if there was any thing odd about the application's definitions?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
