Splunk Cloud Platform

Install Universal Forwarder Credentials on Windows

kymkin
Engager

Hi, I've been trying to follow the documentation to install the credentials for Windows for Universal Forwarder. It's been a nightmare to say the least. The documentation is rather confusing. I ran the wget command to install the universal forwarder. I used

msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet

to install and agree to the license. Now I'm stuck. I've tried following the example. Used C:\ProgramFiles\splunkuniversalforwarder\bin\splunk.exe install app C:\Users\Ryzen5\Downloads\splunkclouduf.spl to run the file for the credentials and I'm getting errors. I tried several variations and nothing is working. I don't know if I am missing something that is glaringly obvious. Any help would be appreciated. I followed this https://docs.splunk.com/Documentation/Forwarder/8.2.0/Forwarder/InstallaWindowsuniversalforwarderfro... for the installation and I TRIED following the Windows instructions from here https://docs.splunk.com/Documentation/Forwarder/9.1.2/Forwarder/ConfigSCUFCredentials.

0 Karma

azteksites
Explorer

@kymkin 

I'm not exactly sure where the install is failing for you, but I can tell you the additional parameters I've successfully used for my install script.

  1. Adding the directory of the forwarder program file location. (i.e., C:\ or D:\ drive before the .msi file name)
  2. INSTALLDIR_ parameter (determines the install location of the UF program)
  3. I add the license agreement parameter prior to the log collection parameters. Not sure if this actually changes the install process or not.
  4. SPLUNKUSERNAME/SPLUNKPASSWORD parameters to set your own admin credentials.
  5. /passive end flag (instead of quiet). This is essentially a quiet installation with a progress display.

Hope this helps.

0 Karma
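The install and credential steps discussed in this thread, combined into one PowerShell script as an added example (not code from either poster or from Splunk). Assumptions: the installer folder `C:\Installers` and the install directory `C:\Program Files\SplunkUniversalForwarder` are hypothetical, the MSI name, indexer value and `.spl` path are the ones quoted in the question, and the password contains no double quotes.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$msi        = 'C:\Installers\splunkuniversalforwarder_x86.msi'  # hypothetical folder; file name from the post
$installDir = 'C:\Program Files\SplunkUniversalForwarder'       # assumed install location
$splApp     = 'C:\Users\Ryzen5\Downloads\splunkclouduf.spl'     # credentials package path from the post

# Fail early if either input file is missing.
foreach ($p in $msi, $splApp) {
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "File not found: $p" }
}

# Prompt for the forwarder's local admin account instead of hard-coding it.
# The password is still passed to msiexec on its command line while setup runs.
$cred = Get-Credential -Message 'Admin account to create on the universal forwarder'

# Values containing spaces carry their own embedded double quotes.
$msiArgs = @(
    '/i', "`"$msi`"",
    "INSTALLDIR=`"$installDir`"",
    'AGREETOLICENSE=Yes',
    'RECEIVING_INDEXER="indexer1:9997"',   # value as quoted in the question
    'WINEVENTLOG_SEC_ENABLE=1',
    'WINEVENTLOG_SYS_ENABLE=1',
    "SPLUNKUSERNAME=$($cred.UserName)",
    "SPLUNKPASSWORD=`"$($cred.GetNetworkCredential().Password)`"",
    '/passive'                             # unattended, with a progress bar
)
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
# 0 = success, 3010 = success but a reboot is required.
if ($proc.ExitCode -notin 0, 3010) { throw "msiexec failed with exit code $($proc.ExitCode)" }

$splunk = Join-Path $installDir 'bin\splunk.exe'
if (-not (Test-Path -LiteralPath $splunk -PathType Leaf)) { throw "splunk.exe not found under $installDir" }

# The call operator (&) is needed because the path contains a space.
# The Splunk CLI prompts for the admin login created above.
& $splunk install app $splApp
if ($LASTEXITCODE -ne 0) { throw "install app failed with exit code $LASTEXITCODE" }

# Restart so the forwarder loads the credentials app.
& $splunk restart
if ($LASTEXITCODE -ne 0) { throw "restart failed with exit code $LASTEXITCODE" }
```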