Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Installing Universal Forwarder from Command line and Hangs at Receiving Indexer

jamieralphsmith
New Member
‎03-19-2014 07:46 AM

I am installing the UF from a command prompt for deployment via SCCM 2012 with the following command line:
msiexec /i splunkforwarder-6.0.1-189883-x64-release.msi RECEIVING_INDEXER="ServerFQDN:Port" WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /qn /lv c:\splunkinst.log
and the install does not error out, but will instead just sit at the following line:
***Splunk_AddReceivingIndexer: Starting Splunk_AddReceivingIndexer
I've let it sit for over 24hrs. When I run a netstat -an on the server I can see that it is listening on the port that is passed in the command line. When I telnet from the machine I am installing to I can connect via that same port. Anyone have any ideas as to why it just isn't proceeding?

0 Karma
Reply

jamieralphsmith
New Member
‎03-19-2014 08:35 AM

I did try to run the install with the /quiet switch and received the same results (no interface popped up either). The log file shows no errors or even warnings up to that point.

0 Karma
Reply

mgbruin
Engager
‎03-19-2014 08:16 AM

OK, reading this as somebody with only basic knowledge of the Windows forwarder install, it looks like you have /qn as parameters to msiexec, but I think the correct parameter to the splunkforwarder itself is /quiet according to the manuals. Could it simply be the installer wants to show you a user interface but msiexec is blocking it from doing so? Is there nothing in the logfile you specified (C:splunkinst.log)?

I'm guessing you already know, but for completeness sake the manual for deploying the forwarder from the command-line can be found at http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/DeployaWindowsdfviathecommandline.

0 Karma
Reply

jamieralphsmith
New Member
‎03-19-2014 08:35 AM

I did try to run the install with the /quiet switch and received the same results (no interface popped up either). The log file shows no errors or even warnings up to that point.

0 Karma
Reply
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!