Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Install Universal Forwarder Credentials on Windows

kymkin
Engager
‎12-05-2023 03:00 PM

Hi, I've been trying to follow the documentation to install the credentials for Windows for Universal Forwarder. It's been a nightmare to say the least. The documentation is rather confusing. I ran the wget command to install the universal forwarder. I used

msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet

to install and agree to the license. Now I'm stuck. I've tried following the example. Used  C:\ProgramFiles\splunkuniversalforwarder\bin\splunk.exe install app C:\Users\Ryzen5\Downloads\splunkclouduf.spl to run the file for the credentials and I'm getting errors. I tried several variations and nothing is working. I don't know if I am missing something that is glaringly obvious. Any help would be  appreciated. I followed this https://docs.splunk.com/Documentation/Forwarder/8.2.0/Forwarder/InstallaWindowsuniversalforwarderfro... for the installation and I TRIED following the windows instructions from here https://docs.splunk.com/Documentation/Forwarder/9.1.2/Forwarder/ConfigSCUFCredentials.

Labels (2)
0 Karma
Reply

azteksites
Explorer
‎12-05-2023 11:25 PM

@kymkin 

I'm not exactly sure where the install is failing for you, but I can tell you the additional parameters I've successfully used for my install script.

  1. Adding the directory of the forwarder program file location. (i.e., C:\ or D:\ drive before the .msi file name)
  2. INSTALLDIR_ parameter (determines where install location of the UF program)
  3. I add the the license agreement parameter prior to the log collection parameters. Not sure if this actually changes the install process or not.
  4. SPLUNKUSERNAME/SPLUNKPASSWORD parameters to set your own admin credentials.
  5. /passive end flag (instead of quiet). This is essentially a quiet installation with a progress display.

Hope this helps.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...