Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Remotely run .spl file

Kat7
Explorer
‎09-21-2021 12:41 PM

I'm working on building a remote deployment for the Splunk Universal Forwarder with PDQ Deploy on our Windows 10 computers.  I can run the initial splunk forwarder .msi installation without issue, but when I try to run the .spl file to sync the computer to our Splunk cloud environment, it errors out every time.

The command I'm using works fine when I run it locally, but I get "login failed" when I run it through PDQ.

cd "C:\Program Files\SplunkUniversalForwarder\bin"
splunk install app \splunkclouduf.spl -auth username:password

Is there a tweak I can make to the command or another way to accomplish the sync to our cloud environment?

Thanks in advance!

Labels (3)
0 Karma
Reply

Cliff-M
Engager
‎02-13-2024 03:26 PM

I am having this same issue were you able to resolve it? If so, what steps did you take?

0 Karma
Reply

Kat7
Explorer
‎02-14-2024 05:04 AM

What I ended up doing was copying the .spl file here (after creating the Desktop folder) C:\Program Files\SplunkUniversalForwarder\bin\Desktop.

Then I copy the applicable Forwarder Management app folders are here: C:\Program Files\SplunkUniversalForwarder\etc\apps.  The best way I found was to compare the folders on your test machine to a computer that you previously set up "correctly," and then copy over any missing folders.  These will generally be the same folders every time. 

Then I open an administrator command prompt and run these commands:
        cd "C:\Program Files\SplunkUniversalForwarder\bin"
        splunk restart
Once the last command finishes, you should be good to go.

My PDQ deployment looks like this:
Step 1: Install Universal Forwarder
Step 2: Powershell script
      New-Item -ItemType "directory" -Path "c:\\program Files\SplunkUniversalForwarder\bin\Desktop"
Step 3: File Copy- Copy .spl file into the folder created in step 2.
Step4: File Copy- Copy any needed app folders into here (if multiple app folders need to be copied over, each folder will be its own step in PDQ): 
                c:\\Program Files\SplunkUniversalForwarder\etc\apps
Step 5: Command Prompt- 
               cd "C:\Program Files\SplunkUniversalForwarder\bin"
                splunk restart

Hope this is helpful!

Reply

danielcj
Communicator
‎09-21-2021 09:30 PM

Hello,

Could you try to unpack the splunkclouduf.spl package and move it to the C:\Program Files\SplunkUniversalForwarder\etc\apps\ folder and then restart the UF instance?

Something like that:

 

tar xvf splunkclouduf.spl

mv <extracted_folder> C:\Program Files\SplunkUniversalForwarder\etc\apps\

splunk restart

 

0 Karma
Reply

Kat7
Explorer
‎09-22-2021 07:59 AM

I gave that a try but the computer still doesn't show up in the cloud.  

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
Top