Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why did Agent splunk ended prematurely Windows Server 2012 R2?

EFFE4
New Member
‎07-25-2022 03:11 AM

Hi all,

I have a problem with installing splunk agent on windows 2012 R2 server.

I follow the installation via the wizard however the installation fails without returning error messages.

image.png

 

 

 






I have attempted to install the following versions without success:

  • 9.0.0
  • 8.2.7
  • 7.2.0

Below are the errors present in the log file C:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd-utility:

07-25-2022 11:46:10.287 +0200 INFO ServerConfig - Found no hostname options in server.conf. Will attempt to use default for now.
07-25-2022 11:46:10.287 +0200 INFO ServerConfig - Host name option is "".
07-25-2022 11:46:10.318 +0200 WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts
07-25-2022 11:46:11.522 +0200 ERROR LimitsHandler - Configuration from app=SplunkUniversalForwarder does not support reload: limits.conf/[thruput]/maxKBps
07-25-2022 11:46:11.522 +0200 ERROR ApplicationUpdater - Error reloading SplunkUniversalForwarder: handler for limits (access_endpoints /server/status/limits/general): Bad Request
07-25-2022 11:46:11.522 +0200 ERROR ApplicationUpdater - Error reloading SplunkUniversalForwarder: handler for server (http_post /replication/configuration/whitelist-reload): Application does not exist: Not Found
07-25-2022 11:46:11.522 +0200 ERROR ApplicationUpdater - Error reloading SplunkUniversalForwarder: handler for web (http_post /server/control/restart_webui_polite): Application does not exist: Not Found
07-25-2022 11:46:11.522 +0200 WARN LocalAppsAdminHandler - User 'splunk-system-user' triggered the 'enable' action on app 'SplunkUniversalForwarder', and the following objects required a restart: default-mode, limits, server, web

Thank you in advance for the support,
Regards.

Fabio.

Labels (2)
Labels
0 Karma
Reply

EFFE4
New Member
‎07-25-2022 03:49 AM

Hi @gcusello ,

Yes, on the server is present the antivirus, do you think that this is the problem?

Ciao,

Fabio.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-25-2022 03:51 AM

Hi @EFFE4,

I don't know, maybe it depends on the Antivirus, anyway try to temporary disable it and if the issue is still present open a ticket to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎07-25-2022 03:16 AM

Hi @EFFE4,

is there any protection system on your server: antivirus, or other?

Anyway, I hint to open a Case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...