Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Install Universal Forwarder Credentials on Windows

kymkin
Engager
‎12-05-2023 03:00 PM

Hi, I've been trying to follow the documentation to install the credentials for Windows for Universal Forwarder. It's been a nightmare to say the least. The documentation is rather confusing. I ran the wget command to install the universal forwarder. I used

msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet

to install and agree to the license. Now I'm stuck. I've tried following the example. Used  C:\ProgramFiles\splunkuniversalforwarder\bin\splunk.exe install app C:\Users\Ryzen5\Downloads\splunkclouduf.spl to run the file for the credentials and I'm getting errors. I tried several variations and nothing is working. I don't know if I am missing something that is glaringly obvious. Any help would be  appreciated. I followed this https://docs.splunk.com/Documentation/Forwarder/8.2.0/Forwarder/InstallaWindowsuniversalforwarderfro... for the installation and I TRIED following the windows instructions from here https://docs.splunk.com/Documentation/Forwarder/9.1.2/Forwarder/ConfigSCUFCredentials.

Labels (2)
0 Karma
Reply

azteksites
Explorer
‎12-05-2023 11:25 PM

@kymkin 

I'm not exactly sure where the install is failing for you, but I can tell you the additional parameters I've successfully used for my install script.

  1. Adding the directory of the forwarder program file location. (i.e., C:\ or D:\ drive before the .msi file name)
  2. INSTALLDIR_ parameter (determines where install location of the UF program)
  3. I add the the license agreement parameter prior to the log collection parameters. Not sure if this actually changes the install process or not.
  4. SPLUNKUSERNAME/SPLUNKPASSWORD parameters to set your own admin credentials.
  5. /passive end flag (instead of quiet). This is essentially a quiet installation with a progress display.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...