Splunk ITSI
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Not able to add windows host in insight for infrastructure.

nologin
Explorer
‎10-07-2018 02:16 AM

According to my setup insight for infrastructure is installed on a centos 7 machine and I'm trying to add windows 10 host. Below is the error code which i get at the time of adding windows host.

Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server" At line:1 char:705 + ... n $files) { $web.DownloadFile("https://192.168.4.142:8000/en-US/stati ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : WebException

Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server" At line:1 char:705 + ... n $files) { $web.DownloadFile("https://192.168.4.142:8000/en-US/stati ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : WebException

.\install_uf.ps1 : The term '.\install_uf.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:924 + ... erCertificateValidationCallback = $null; if ($?) { .\install_uf.ps1 } + ~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (.\install_uf.ps1:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎10-11-2018 11:21 AM

"So shall I change the IP address to 192.168.4.144 on the clipboard code and try once? "
Yes, try that.

"And I got the original error code after I added the IP of the host to be monitored."
The field is "Monitoring machine (Specify the hostname or IP address of the machine you want to send data to)". This is not supposed to be the IP address of the machine that is to be monitored but the machine that is doing the monitoring [1].

[1] In most cases, this is the machine that has SAI/SII installed. The exception is with SAI installed on a distributed Splunk deployment.

0 Karma
Reply

nologin
Explorer
‎10-21-2018 02:38 AM

I got this huge error after changing the IP address of the monitoring machine to 192.168.4.144 (Splunk Server):
[] Install Splunk Universal Forwarder on localhost
[] indexer server: 192.168.4.144:9997
[*] checking for previous installations of splunk>...
[!] install directory already exists. continuing to congure ..
out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\outputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:78 char:1
+ echo "[tcpout]" > $outputsconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\outputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:79 char:1
+ echo "defaultGroup = default-autolb-group" >> $outputsconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\outputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:80 char:1
+ echo "" >> $outputsconf
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\outputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:81 char:1
+ echo "[tcpout:default-autolb-group]" >> $outputsconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:195 char:3
+ echo "`n" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:194 char:3
+ echo "_meta = $dims" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:195 char:3
+ echo "`n" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:215 char:5
+ echo "[monitor://$log_source]" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:216 char:5
+ echo "sourcetype = $log_sourcetype" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:218 char:5
+ echo "rn" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:210 char:5
+ echo "[WinEventLog://$log_source]" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:211 char:5
+ echo "$eventlog_options" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:212 char:5
+ echo "rn" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:210 char:5
+ echo "[WinEventLog://$log_source]" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:210 char:5
+ echo "[WinEventLog://$log_source]" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:211 char:5
+ echo "$eventlog_options" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

out-file : Could not find a part of the path 'C:\Program Files
(x86)\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf'.
At C:\Windows\system32\install_uf_script.ps1:212 char:5
+ echo "rn" >> $inputconf
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

[*] Restarting splunk> universal fowarder
& : The term 'C:\Program Files (x86)\SplunkUniversalForwarder\bin\splunk.exe' is not recognized as the name of a
cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify
that the path is correct and try again.
At C:\Windows\system32\install_uf_script.ps1:227 char:3
+ & "$splunkexe" restart
+ ~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\Program File...\bin\splunk.exe:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

[!] splunk process not running!
[!] check to make sure installation was successful.

What should I do further, please suggest...

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎10-22-2018 01:36 PM

I think running the script with the wrong parameters the first time may have screwed something up. I don't know what's going on, but I'd suggest uninstalling the SplunkUniversalForwarder from the target machine (and making sure that C:\Program Files (x86)\SplunkUniversalForwarder no longer exists) and retrying the installation snippet.

0 Karma
Reply

dauren_akilbeko
Communicator
‎10-08-2018 02:27 AM

Did you check firewall on both Splunk server and Windows 10 host? Can you react(ping) Splunk from Windows host?

0 Karma
Reply

nologin
Explorer
‎10-09-2018 12:55 AM

Thank you @dauren_akilbekov for your reply.

Below is the ping report from windows host to the splunk (Insight for Infrastructure) server, also I'm able to connect to the port 8000, 9997 and so on to the splunk server. I've no clue what to check on to, please suggest further.

ping 192.168.4.144

Pinging 192.168.4.144 with 32 bytes of data:

Reply from 192.168.4.144: bytes=32 time<1ms TTL=64

Reply from 192.168.4.144: bytes=32 time<1ms TTL=64

Reply from 192.168.4.144: bytes=32 time<1ms TTL=64

Reply from 192.168.4.144: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.4.144:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎10-09-2018 12:54 PM

Below is the ping report from windows host to the splunk (Insight for Infrastructure) server

How come that report has the IP address 192.168.4.144 while the script is trying to connect to a Splunk instance on 192.168.4.142?

0 Karma
Reply

nologin
Explorer
‎10-09-2018 10:53 PM

First of all let me share you my current setup:

  1. Splunk (Insight for Infrastructure) Server (OS: Centos-7, IP address: 192.168.4.144)
  2. Host to be monitored (OS: Windows-10, IP address: 192.168.4.142)

And I shared the above ping report as @dauren_akilbekov asked me for a ping check from Windows host to Splunk server. Actually both the machine are able to reach (ping) each other but the problem still persists, is there any thing that needs to be modified on the Windows host or to the server side?

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎10-10-2018 11:33 AM

No, there's no special setup. The confusing thing is that the original error code says it was run with the reverse setup (Splunk at 192.168.4.142).

0 Karma
Reply

nologin
Explorer
‎10-10-2018 11:33 PM

So shall I change the IP address to 192.168.4.144 on the clipboard code and try once?
And I got the original error code after I added the IP of the host to be monitored.

0 Karma
Reply
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...