Hi, unfortunately I have the same problem.
The script runs well, but in the app I cannot find any entities; the error is "No new entities connected yet" after 30 minutes.
Any tips?
Best Regards,
Vitor M. Leitao
Error in splunkd.log
01-08-2019 17:39:26.769 +0000 ERROR ExecProcessor - message from "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe" splunk-winevtlog - WinEventMon::configure: Failed to find Event Log with channel name='Forwarded Events'
Script Output
PS C:\WINDOWS\system32> $env:SPLUNK_URL="10.50.83.4" ; $env:RECEIVER_PORT="9997" ; $env:DIMENSIONS="Owner::vml Location::Lisbon Role::Laptop" ; $env:SPLUNK_HOME="C:\Program Files\SplunkUniversalForwarder"; $env:METRICS="cpu,physical_disk,network,memory,system,process,logical_disk"; $env:PER_CPU="true"; $env:LOG_SOURCES="`$SPLUNK_HOME\var\log\splunk*.log*%uf,Application%WinEventLog,Security%WinEventLog,System%WinEventLog,Forwarded Events%WinEventLog,Setup%WinEventLog"; $web=New-Object Net.WebClient; $path=Convert-Path .; [System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true}; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; $files="install_uf.ps1","install_uf_script.ps1"; Foreach($file in $files) { $web.DownloadFile("https://10.50.83.4:8443/static/app/splunk_app_infrastructure/windows_scripts/$file",$path+"\$file")}; [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null; if ($?) { .\install_uf.ps1 }
[*] Install Splunk Universal Forwarder on localhost
[*] indexer server: 10.50.83.4:9997
[*] checking for previous installations of splunk>...
[!] install directory already exists. continuing to configure ..
[*] configuring metrics & log inputs...
[*] Restarting splunk> universal fowarder
SplunkForwarder: Stopped
Splunk> Australian for grep.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking conf files for problems...
Done
Checking default conf files for edits...
Validating installed files against hashes from 'C:\Program Files\SplunkUniversalForwarder\splunkforwarder-7.2.3-06d57c595b80-windows-64-manifest'
All installed files intact.
Done
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
SplunkForwarder: Starting (pid 7948)
Done
[*] splunk> successfully started.
[*] running clean up.
[*] clean up complete. Exiting...
PS C:\WINDOWS\system32>