Installation

How to install splunk forwarder splunkforwarder-9.0.0.1-9e907cedecb1-x64-release.msi on windows?

bastiaanneveatg
Engager

This gives me the following warnings:

PS C:\Program Files> .\SplunkUniversalForwarder\bin\splunk.exe btool --check --debug
Unrecognized argument: --check

PS C:\Program Files> .\SplunkUniversalForwarder\bin\splunk.exe btool check --debug
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\app.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\learned\local\props.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\app.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\default-mode.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\health.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\inputs.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\limits.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\outputs.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\props.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\server.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\default\web.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\apps\introspection_generator_addon\default\app.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\introspection_generator_addon\default\inputs.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\introspection_generator_addon\default\server.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\apps\search\default\app.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\search\default\props.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\search\default\restmap.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\search\default\transforms.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\splunk_httpinput\default\inputs.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\apps\splunk_internal_metrics\default\app.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\splunk_internal_metrics\default\props.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\apps\splunk_internal_metrics\default\transforms.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\manager-apps\_cluster\default\indexes.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\alert_actions.conf
Invalid key in stanza [webhook] in C:\Program Files\SplunkUniversalForwarder\etc\system\default\alert_actions.conf, line 22
9: enable_allowlist (value: false).
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\system\default\app.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\audit.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\authentication.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\authorize.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\system\default\conf.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\default-mode.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\system\default\federated.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\global-banner.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\health.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\inputs.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\limits.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\livetail.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\messages.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\metric_alerts.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\metric_rollups.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\outputs.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\procmon-filters.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\props.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\restmap.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\server.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\source-classifier.conf
No spec file for: C:\Program Files\SplunkUniversalForwarder\etc\system\default\telemetry.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\transforms.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\visualizations.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\web-features.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\web.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\workload_policy.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\workload_pools.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\default\workload_rules.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\local\authentication.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\local\deploymentclient.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\local\migration.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\local\outputs.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\local\server.conf
Checking: C:\Program Files\SplunkUniversalForwarder\etc\system\local\user-seed.conf

PS C:\Program Files>

When I try to upgrade the Universal installer to splunkforwarder-9.0.1-82c987350fde-x64-release.msi the install process hangs. But finally it went on.

Iám looking for a workaround for tese warnings on my Windows Forwarder.

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

IMO, all of those messages can be ignored.  Remove the --debug option to get rid of most of them.  The rest point to omissions Splunk made when delivering apps with the forwarder.  It's not on you to fix them.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

IMO, all of those messages can be ignored.  Remove the --debug option to get rid of most of them.  The rest point to omissions Splunk made when delivering apps with the forwarder.  It's not on you to fix them.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...