Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Deploy the Splunk Forwarder via Deployment Server

shocko
Contributor
‎01-24-2022 02:41 AM

I'm a a very basic Splunk admin using Splunk Enterprise 8.2.4 with deployment server pushing out our apps/configs to the forwarders. I need to install the agent onto 100 existing Windows 2016/2019 servers. I can easily script up the MSI using MECM or the like but I'm wondering if the Splunk Deployment server can push the agent or if It provides a Powershell script I could hand to my server admins to do same from the target servers? 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

SinghK
Builder
‎01-24-2022 03:19 AM

Deployment server can only push config to forwarders.

use this powershell script

$errorfile = "D:\Splunk\SplunkForwarderInstall.log" # change path accordingly and update here this will be needed for any issues with installation.
Start-Transcript -Path $errorfile - NoClobber
$csvpath = "D:\Splunk\servers.csv"
$files = Import-Csv -path $csvpath |select -ExpandProperty Name
Write-host "Starting to copy SplunkForwarder installer on $file" -ForegroundColor Green
foreach($file in $files){
    #defining destination and source directory
    $sourcePath = "D:\Splunk<or directory path>"
    $destPath = "\\$file\<directory path>"
    #creating folder
    New-Item -path $destPath -ItemType directory -Force
    #copying
    Copy-Item -Recurse -Path $sourcePath -Destination $destPath -Force
    #running setup for SF
    Write-Host "Copying installer on $file complete" -ForegroundColor Green
    Write-Host "Starting installation on $file" -ForegroundColor Green
    Invoke-Command -ComputerName $file -ScriptBlock { & cmd /c msiexec /i "<location of splunkforwadr.msi>" AGREETOLICENSE=Yes /quiet}
    Write-Host "Installation complete on $file" -ForegroundColor Green
    Write-Host "Validating install by checking if service is running. Please check the output <path to output directory D:\Splunk_install\.....blah blah>"
    $Running = Get-Service -Name "SplunkForwarder" -ComputerName $file -ErrorAction SilentlyContinue
    $name="SplunkForwarder"
    if($Running.Status -eq "Running"){
        Write-host "SplunkForwarder service will be stopped for $file" -ForegroundColor Green
        Get-Service -Name $name -ComputerName $file|Set-Service -Status Stopped
        Write-host "SplunkForwarder service has been stopped on $file" -ForegroundColor Green
        Write-host "Copying deploymentclient.conf to $file" -ForegroundColor Green
        $Dest = "\\$file\c$\Program Files\SplunkUniversalForwarder\etc\system\local"
        $Source = "D:\Splunk\deployemntclient.conf" # Source directory can be any directory update the path here accordingly
        Copy-Item -Recurse -Path $Source -Destination $Dest -Force
        Write-Host "Starting SplunkForwarder service on $file" -ForegroundColor Green
        Get-Service -Name $name -ComputerName $file |Set-Service -Status Running
        Write-Host "SplunkForwarder service has been started on $file" -ForegroundColor Green
    }

}
Stop-transcript
 
try and make changes where needed. like paths etc.
what this basically does is installs forwarders and copies deploymentclient config and restarts  splunkforwarder service and it captures logs as well so you can see errors. 

View solution in original post

Reply
Solved! Jump to solution
Solution

SinghK
Builder
‎01-24-2022 03:19 AM

Deployment server can only push config to forwarders.

use this powershell script

$errorfile = "D:\Splunk\SplunkForwarderInstall.log" # change path accordingly and update here this will be needed for any issues with installation.
Start-Transcript -Path $errorfile - NoClobber
$csvpath = "D:\Splunk\servers.csv"
$files = Import-Csv -path $csvpath |select -ExpandProperty Name
Write-host "Starting to copy SplunkForwarder installer on $file" -ForegroundColor Green
foreach($file in $files){
    #defining destination and source directory
    $sourcePath = "D:\Splunk<or directory path>"
    $destPath = "\\$file\<directory path>"
    #creating folder
    New-Item -path $destPath -ItemType directory -Force
    #copying
    Copy-Item -Recurse -Path $sourcePath -Destination $destPath -Force
    #running setup for SF
    Write-Host "Copying installer on $file complete" -ForegroundColor Green
    Write-Host "Starting installation on $file" -ForegroundColor Green
    Invoke-Command -ComputerName $file -ScriptBlock { & cmd /c msiexec /i "<location of splunkforwadr.msi>" AGREETOLICENSE=Yes /quiet}
    Write-Host "Installation complete on $file" -ForegroundColor Green
    Write-Host "Validating install by checking if service is running. Please check the output <path to output directory D:\Splunk_install\.....blah blah>"
    $Running = Get-Service -Name "SplunkForwarder" -ComputerName $file -ErrorAction SilentlyContinue
    $name="SplunkForwarder"
    if($Running.Status -eq "Running"){
        Write-host "SplunkForwarder service will be stopped for $file" -ForegroundColor Green
        Get-Service -Name $name -ComputerName $file|Set-Service -Status Stopped
        Write-host "SplunkForwarder service has been stopped on $file" -ForegroundColor Green
        Write-host "Copying deploymentclient.conf to $file" -ForegroundColor Green
        $Dest = "\\$file\c$\Program Files\SplunkUniversalForwarder\etc\system\local"
        $Source = "D:\Splunk\deployemntclient.conf" # Source directory can be any directory update the path here accordingly
        Copy-Item -Recurse -Path $Source -Destination $Dest -Force
        Write-Host "Starting SplunkForwarder service on $file" -ForegroundColor Green
        Get-Service -Name $name -ComputerName $file |Set-Service -Status Running
        Write-Host "SplunkForwarder service has been started on $file" -ForegroundColor Green
    }

}
Stop-transcript
 
try and make changes where needed. like paths etc.
what this basically does is installs forwarders and copies deploymentclient config and restarts  splunkforwarder service and it captures logs as well so you can see errors. 
Reply
Solved! Jump to solution

shocko
Contributor
‎01-24-2022 04:12 AM

Much appreciated! Any reason you copy the deployment server config file rather than specifying the deployment server name/port in the MSI parameters? Just curious!

0 Karma
Reply
Solved! Jump to solution

SinghK
Builder
‎01-24-2022 04:15 AM

No specific reason. Just my way of doing things.

If you can please upvote this as an answer. Mucho gracias.

Reply
Solved! Jump to solution

SanjayReddy
SplunkTrust
SplunkTrust
‎01-24-2022 03:14 AM

Hi @shocko 

Currently we can not use Splunk deployment server to install Splunk UF on remote servers,   it can only used as deplyting apps/configs to exisitng UFS 

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...