I can't make this script work for forwarder deployment. It takes up a lot of time to deploy to many servers..
I guess it has som obvious flaw that i can't see...
My script:
[Edit]
$DEPLOYMENT_SERVER="SPLUNK-05:8089"
$RECEIVING_INDEXER="SPLUNK-05:9997"
$MONITOR_PATH="C:\Temp\"
$CERTFILE="c:\temp\cert.pfx"
$CERTPASSWORD="pass"
$LOGON_USERNAME="Admin"
$LOGON_PASSWORD="pass"
$SET_ADMIN_USER=1
$SPLUNKUSERNAME="Admin"
$SPLUNKPASSWORD="pass"
$AGREETOLICENSE="yes"
msiexec.exe /i "\\server\splunkforwarder-8.1.2-545206cc9f70-x64-release.msi" DEPLOYMENT_SERVER=$DEPLOYMENT_SERVER RECEIVING_INDEXER=$RECEIVING_INDEXER MONITOR_PATH=$MONITOR_PATH CERTFILE=$CERTFILE CERTPASSWORD=$CERTPASSWORD SET_ADMIN_USER=$SET_ADMIN_USER SPLUNKUSERNAME=$SPLUNKUSERNAME SPLUNKPASSWORD=$SPLUNKPASSWORD AGREETOLICENSE=$AGREETOLICENSE /Quiet
@jho-splunk : The original script doesn't contain slashes, just me trying to figure out wht it doesn't work.
I removed the slashes from the post now, i realize it would create confusion.
Question is what error you get. "I can't make it work" is not very descriptive.
No error.
If i run with /quiet, the script ends instantly.
If i run the script without /quiet, it just opens the regular install dialog..
Seems like it doesn't care about all the arguments..
As @jho-splunk noticed, you put variables as simply key=value pairs, not with a slash, as msiexec parameter.
That's one.
But the other thing that looks strange is those backticks - are they because of you pasting here the command or do you have them in your original command?
EDIT: Oh, and to agree to a license you have to specify Yes/No, not 1/0.
@PickleRick: I pasted a "working" version of the script. I see now that i had posted a tweaked version..
OK. I tried to run your script. Did you look into the event log?
In my case (I already have older version of UF installed), I get EventID 11730
Product: UniversalForwarder -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
If I remove the /quiet switch, indeed the installer starts interactively.
Try adding /L*v some\log\file.txt and review the file after the install starts and terminates.
Is this script too slow to deploy for your organization? I have a powershell script that we use at my organization. I can share it with you if you'd like.
@Stefanie Yes please.
$Environment = [System.Net.Dns]::GetHostByName(($env:COMPUTERNAME))
Write-Host "This script will only work as admin!" -BackgroundColor Magenta
#Installs the Splunk Forwarder
Start-Process -FilePath C:\Windows\system32\msiexec.exe -ArgumentList "/i splunkforwarder-8.2.0-e053ef3c985f-x64-release.msi AGREETOLICENSE=Yes SERVICESTARTTYPE=auto GENRANDOMPASSWORD=1 /quiet" -Wait -NoNewWindow
#Stop the Splunk Universal Forwarder
Write-Host "Stopping the Splunk Forwarder Service"
Stop-Service -Name SplunkForwarder
Start-Sleep -Seconds 5
#Copy the zzz_config file into the Splunk Program Files
Write-Host "Copying the configuration files"
Copy-Item -Path .\zzz_config_base -Recurse -Destination "C:\Program Files\SplunkUniversalForwarder\etc\apps\"
Start-Sleep -Seconds 5
#Restart the splunk service
Do{
Write-Host "Attempting to restart Splunk Forwarder Service"
Start-Service -Name SplunkForwarder
Start-Sleep -Seconds 10
$Splunk = Get-Service -Name SplunkForwarder
}until($Splunk.Status -eq "Running")
Write-Host "Splunk Service restarted successfully" -ForegroundColor Green
In the folder of my script I have another folder named "zzz_config_base" and in that folder, a "local" folder, and in the local folder is my deploymentclient.conf file which you can create. That conf file has your information to point the forwarder to your Deployment Server.
@Stefanie Your script worked well with a few adapations. Thx!