Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Installing Universal Forwarder from Command line a...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Installing Universal Forwarder from Command line and Hangs at Receiving Indexer
I am installing the UF from a command prompt for deployment via SCCM 2012 with the following command line:
msiexec /i splunkforwarder-6.0.1-189883-x64-release.msi RECEIVING_INDEXER="ServerFQDN:Port" WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /qn /lv c:\splunkinst.log
and the install does not error out, but will instead just sit at the following line:
***Splunk_AddReceivingIndexer: Starting Splunk_AddReceivingIndexer
I've let it sit for over 24hrs. When I run a netstat -an on the server I can see that it is listening on the port that is passed in the command line. When I telnet from the machine I am installing to I can connect via that same port. Anyone have any ideas as to why it just isn't proceeding?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did try to run the install with the /quiet switch and received the same results (no interface popped up either). The log file shows no errors or even warnings up to that point.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, reading this as somebody with only basic knowledge of the Windows forwarder install, it looks like you have /qn as parameters to msiexec, but I think the correct parameter to the splunkforwarder itself is /quiet according to the manuals. Could it simply be the installer wants to show you a user interface but msiexec is blocking it from doing so? Is there nothing in the logfile you specified (C:splunkinst.log)?
I'm guessing you already know, but for completeness sake the manual for deploying the forwarder from the command-line can be found at http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/DeployaWindowsdfviathecommandline.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did try to run the install with the /quiet switch and received the same results (no interface popped up either). The log file shows no errors or even warnings up to that point.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
