Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Re: Remotely run .spl file
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Remotely run .spl file
I'm working on building a remote deployment for the Splunk Universal Forwarder with PDQ Deploy on our Windows 10 computers. I can run the initial splunk forwarder .msi installation without issue, but when I try to run the .spl file to sync the computer to our Splunk cloud environment, it errors out every time.
The command I'm using works fine when I run it locally, but I get "login failed" when I run it through PDQ.
cd "C:\Program Files\SplunkUniversalForwarder\bin"
splunk install app \splunkclouduf.spl -auth username:password
Is there a tweak I can make to the command or another way to accomplish the sync to our cloud environment?
Thanks in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having this same issue were you able to resolve it? If so, what steps did you take?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What I ended up doing was copying the .spl file here (after creating the Desktop folder) C:\Program Files\SplunkUniversalForwarder\bin\Desktop.
Then I copy the applicable Forwarder Management app folders are here: C:\Program Files\SplunkUniversalForwarder\etc\apps. The best way I found was to compare the folders on your test machine to a computer that you previously set up "correctly," and then copy over any missing folders. These will generally be the same folders every time.
Then I open an administrator command prompt and run these commands:
cd "C:\Program Files\SplunkUniversalForwarder\bin"
splunk restart
Once the last command finishes, you should be good to go.
My PDQ deployment looks like this:
Step 1: Install Universal Forwarder
Step 2: Powershell script
New-Item -ItemType "directory" -Path "c:\\program Files\SplunkUniversalForwarder\bin\Desktop"
Step 3: File Copy- Copy .spl file into the folder created in step 2.
Step4: File Copy- Copy any needed app folders into here (if multiple app folders need to be copied over, each folder will be its own step in PDQ):
c:\\Program Files\SplunkUniversalForwarder\etc\apps
Step 5: Command Prompt-
cd "C:\Program Files\SplunkUniversalForwarder\bin"
splunk restart
Hope this is helpful!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Could you try to unpack the splunkclouduf.spl package and move it to the C:\Program Files\SplunkUniversalForwarder\etc\apps\ folder and then restart the UF instance?
Something like that:
tar xvf splunkclouduf.spl
mv <extracted_folder> C:\Program Files\SplunkUniversalForwarder\etc\apps\
splunk restart
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I gave that a try but the computer still doesn't show up in the cloud.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
