Hi there! I've spent about 8 hours trying to get Splunk working and I'm at the end of my rope. The server was easy enough to set up; I spun up a new CentOS VM, installed and configured the Splunk server (I'm able to log in to the web interface and install apps), but what's killing me is installing the Universal Forwarder. I'm trying to install it on my "utility" Windows 2008 R2 VM that hosts all my apps like HP System Insight, Spiceworks, Netwrix, etc. I want Splunk's Universal Forwarder to grab remote Windows data and provide AD Monitoring.
I created an AD user called Splunk and followed the directions here under "Prepare Active Directory for Splunk installation as a domain user" to create & configure AD groups: http://docs.splunk.com/Documentation/Splunk/5.0.5/Installation/PrepareyourWindowsnetworkforaSplunkinstallation
No matter what I do to install the Universal Forwarder I get the error "Splunk Installer was unable to start Splunk services. Please make sure you have provided the correct username and/or password, and the user you are trying to run Splunk as has the correct priviliges. Exitcode='4'." I can install it for local monitoring without issue.
What the heck am I doing wrong? Neither the log in appdata - local - temp nor the log in var - splunk - log provide any clues. And everyone else here who has posted the question has found the most bizarre solutions, or apparently, no solution at all, which seems rather strange. Thanks for any advice or pointers!!!