Issue with Splunk Universal Forwarder blat.exe?

maurobissante
Explorer

Hello! 

One of our customers has a problem with this executable "C:\Program Files\SplunkUniversalForwarder_script\files\blat\blat.exe" that tries to launch this command

"C:\Program Files\SplunkUniversalForwarder_script\files\blat\blat.exe" -install mailrelay2.domain.com hostname@domain.com 

Can you help me to understand if this process is generated from Splunk or if it is a custom process?

Thank you,

Mauro

0 Karma

John_Littleton
Explorer

Hi there,

Splunk UF, by default, doesn't create anything or operate outside of $SPLUNK_HOME, in this case C:\Program Files\SplunkUniversalForwarder\

Being this is outside of $SPLUNK_HOME, SplunkUniversalForwarder_script\ is likely a custom folder created by an individual. It looks like the download blat zip file contents were extracted into that folder. Not sure if they integrate at all, but they are certainly separate installs and not associated with each other by default.

--
If you found this helpful, give it a thumbs up for good Karma!

0 Karma
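
Added example, not part of either post and not Splunk's own code: a PowerShell triage sketch for the question above. It checks whether an image path really sits under $SPLUNK_HOME, walks the parent chain of any running blat.exe, and searches the forwarder's configuration for references to it. The install path is the default quoted in the answer; the function names are hypothetical.

```powershell
# Assumption: default UF install path, as quoted in the answer above.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'

function Test-UnderPath {
    param([string]$Path, [string]$Root)
    if (-not $Path) { return $false }   # some system processes expose no path
    # Compare against the root plus a trailing separator, so the sibling folder
    # "SplunkUniversalForwarder_script" is not mistaken for a child of $SPLUNK_HOME.
    $rootFull = [IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    $full     = [IO.Path]::GetFullPath($Path)
    return $full.StartsWith($rootFull, [StringComparison]::OrdinalIgnoreCase)
}

function Get-ProcessAncestry {
    param([uint32]$ProcessId)
    $seen = @{}
    $childStart = $null
    while ($ProcessId -and -not $seen.ContainsKey($ProcessId)) {
        $seen[$ProcessId] = $true
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$ProcessId"
        if (-not $p) { break }          # parent has already exited
        # A "parent" that started after its child means the PID was reused.
        if ($childStart -and $p.CreationDate -gt $childStart) { break }
        [pscustomobject]@{
            ProcessId       = $p.ProcessId
            Image           = $p.ExecutablePath
            UnderSplunkHome = Test-UnderPath $p.ExecutablePath $SplunkHome
            CommandLine     = $p.CommandLine
        }
        $childStart = $p.CreationDate
        $ProcessId  = $p.ParentProcessId
    }
}

# The path from the question is a sibling of $SPLUNK_HOME, not inside it: False
Test-UnderPath 'C:\Program Files\SplunkUniversalForwarder_script\files\blat\blat.exe' $SplunkHome

# 1. Which process chain launched blat.exe (if it is running right now)?
Get-CimInstance Win32_Process -Filter "Name='blat.exe'" |
    ForEach-Object { Get-ProcessAncestry $_.ProcessId } | Format-List

# 2. Does any forwarder configuration (e.g. a scripted input) reference blat?
Get-ChildItem "$SplunkHome\etc" -Recurse -Include *.conf -ErrorAction SilentlyContinue |
    Select-String -Pattern 'blat' -SimpleMatch |
    Select-Object Path, LineNumber, Line
```

A `blat.exe -install` call exits quickly, so step 1 may return nothing on a live system; in that case the parent has to come from process-creation logging (Security event 4688 or Sysmon event 1), if it is enabled on the host.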