Splunk Cloud Platform

Install Universal Forwarder Credentials on Windows

kymkin
Engager

Hi, I've been trying to follow the documentation to install the credentials for Windows for Universal Forwarder. It's been a nightmare to say the least. The documentation is rather confusing. I ran the wget command to install the universal forwarder. I used

msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet

to install and agree to the license. Now I'm stuck. I've tried following the example. Used  C:\ProgramFiles\splunkuniversalforwarder\bin\splunk.exe install app C:\Users\Ryzen5\Downloads\splunkclouduf.spl to run the file for the credentials and I'm getting errors. I tried several variations and nothing is working. I don't know if I am missing something that is glaringly obvious. Any help would be  appreciated. I followed this https://docs.splunk.com/Documentation/Forwarder/8.2.0/Forwarder/InstallaWindowsuniversalforwarderfro... for the installation and I TRIED following the windows instructions from here https://docs.splunk.com/Documentation/Forwarder/9.1.2/Forwarder/ConfigSCUFCredentials.

Labels (2)
0 Karma

azteksites
Explorer

@kymkin 

I'm not exactly sure where the install is failing for you, but I can tell you the additional parameters I've successfully used for my install script.

  1. Adding the directory of the forwarder program file location. (i.e., C:\ or D:\ drive before the .msi file name)
  2. INSTALLDIR_ parameter (determines where install location of the UF program)
  3. I add the the license agreement parameter prior to the log collection parameters. Not sure if this actually changes the install process or not.
  4. SPLUNKUSERNAME/SPLUNKPASSWORD parameters to set your own admin credentials.
  5. /passive end flag (instead of quiet). This is essentially a quiet installation with a progress display.

Hope this helps.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...