Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Installing Universal Forwarder from Command line and Hangs at Receiving Indexer

jamieralphsmith
New Member
‎03-19-2014 07:46 AM

I am installing the UF from a command prompt for deployment via SCCM 2012 with the following command line:
msiexec /i splunkforwarder-6.0.1-189883-x64-release.msi RECEIVING_INDEXER="ServerFQDN:Port" WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /qn /lv c:\splunkinst.log
and the install does not error out, but will instead just sit at the following line:
***Splunk_AddReceivingIndexer: Starting Splunk_AddReceivingIndexer
I've let it sit for over 24hrs. When I run a netstat -an on the server I can see that it is listening on the port that is passed in the command line. When I telnet from the machine I am installing to I can connect via that same port. Anyone have any ideas as to why it just isn't proceeding?

0 Karma
Reply

jamieralphsmith
New Member
‎03-19-2014 08:35 AM

I did try to run the install with the /quiet switch and received the same results (no interface popped up either). The log file shows no errors or even warnings up to that point.

0 Karma
Reply

mgbruin
Engager
‎03-19-2014 08:16 AM

OK, reading this as somebody with only basic knowledge of the Windows forwarder install, it looks like you have /qn as parameters to msiexec, but I think the correct parameter to the splunkforwarder itself is /quiet according to the manuals. Could it simply be the installer wants to show you a user interface but msiexec is blocking it from doing so? Is there nothing in the logfile you specified (C:splunkinst.log)?

I'm guessing you already know, but for completeness sake the manual for deploying the forwarder from the command-line can be found at http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/DeployaWindowsdfviathecommandline.

0 Karma
Reply

jamieralphsmith
New Member
‎03-19-2014 08:35 AM

I did try to run the install with the /quiet switch and received the same results (no interface popped up either). The log file shows no errors or even warnings up to that point.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Developer Program!

Hey Splunk community!  We are excited to announce that Splunk is launching the Splunk Developer Program in ...

Splunkbase Year in Review 2024

Reflecting on 2024, it’s clear that innovation and collaboration have defined the journey for Splunk ...

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...
Top