Re: How can I update one UF at server where instal...

atyshke1 · ‎11-30-2018

Hi All,
I have two UF agents on the servers. One of them installed through Windows Installer, the second I unpackeged and installed by myself. So the question is How can I update the UF only one and which has not been installed by Windows Installer?

Richfez · ‎11-30-2018

I don't believe this is a supported configuration. As such, there's no supported way to upgrade only one of the two installations.

There comes a time when you have to ask yourself if the reason you are using two Windows Universal Forwarders is worth the effort, hassle and lack of support. I have not seen a single case where two UFs on Windows was The Right Solution. (Although I have heard they exist, I have just not seen some situation that couldn't be handled as well with a single one...)

In this case, the description and comments describe a situation where logs have to go to two places. This is completely handled by Splunk's ability to route and filter data. There's a dozen use cases listed in those docs and solutions for those, but know that it's only the beginning - there's even more that can be done with routing and filtering. If you read through those and have problems, I'd say you should a) document what you've tried, b) the configurations that you've tried, the c) reasons that doesn't work and then create a new Question specifically for that question and I'm positive we can help you.

Happy Splunking!
Rich

atyshke1 · ‎11-30-2018

Maybe, but it's works fine. I had no idea how can we did it another way

harsmarvania57 · ‎11-30-2018

Hi,

Question is why 2 UF on same server ? If you can provide your requirement then community might help you to achieve it with single UF.

As you mention that you want to update one UF but you didn't mentioned that how you are updating UF, what is meaning of "update" do you mean configuration update and what you are updating ?

atyshke1 · ‎11-30-2018

We use to UFs because one UF send the specific logs for outside department and we can not administrate Splunk which use this department. The second UF sends to our Splunk which we can administrate
I mean that need to be updated the UF to a newest version.

harsmarvania57 · ‎11-30-2018

Upgrade process is straightforward same as installation process. So I guess in your case you can download latest version or version on which you want to go and then again unpack and install by yourself in same directory where current UF is running (Which is installed by yourself earlier).

atyshke1 · ‎11-30-2018

Yeah, but where I can get the UF in zip format?
How can I did it before:
I installed one UF, then copy folder from Program Files to Desktop, remove this UF, then install second and Launched it then copy previous folder from desktop to back Program Files and then create a services previous UF. So that I have two installed and configured Splunk UF. But how can I update it now only the second UF?

harsmarvania57 · ‎11-30-2018

Oh so you did it ugly way, there are no zip format (OR standalone package) available for Windows and I am not fan of Windows so I don't have any idea about this.

How can I update one UF at server where installed two UF agents

Monitoring Postgres with OpenTelemetry

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor