Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About JacksonModlin
JacksonModlin
Explorer
Member since:
08-17-2022
11-01-2022
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 08-17-2022 |
Activity Feed
- Karma Re: Splunk forwarder Install with powershell for richgalloway. 11-01-2022 07:50 AM
- Posted Re: Splunk forwarder Install with powershell on Installation. 11-01-2022 07:35 AM
- Posted Re: Splunk forwarder Install with powershell on Installation. 10-31-2022 02:50 PM
- Posted Re: Splunk forwarder Install with powershell on Installation. 10-31-2022 01:25 PM
- Posted Re: Splunk forwarder Install with powershell on Installation. 10-31-2022 05:56 AM
- Posted How to install Splunk forwarder with powershell? on Installation. 10-28-2022 02:44 PM
- Posted Re: Bitdefender Integration with Splunk Cloud on Splunk Cloud Platform. 08-19-2022 01:20 PM
- Karma Re: Bitdefender Integration with Splunk Cloud for chaker. 08-18-2022 12:24 PM
- Posted Re: Bitdefender Integration with Splunk Cloud on Splunk Cloud Platform. 08-18-2022 09:07 AM
- Posted Are there any fixes that we could do to forward our logs from Gravityzone into Splunk Cloud? on Splunk Cloud Platform. 08-17-2022 01:24 PM
- Tagged Are there any fixes that we could do to forward our logs from Gravityzone into Splunk Cloud? on Splunk Cloud Platform. 08-17-2022 01:24 PM
- Tagged Are there any fixes that we could do to forward our logs from Gravityzone into Splunk Cloud? on Splunk Cloud Platform. 08-17-2022 01:24 PM
Topics I've Started
11-01-2022
07:35 AM
I try that, and it still fails to install, i have started to log the file for installing, and the error is below, i have censored out sensitive data. MSI (s) (98:C0) [09:20:28:480]: Note: 1: 1708 MSI (s) (98:C0) [09:20:28:480]: Note: 1: 2205 2: 3: Error MSI (s) (98:C0) [09:20:28:480]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708 MSI (s) (98:C0) [09:20:28:480]: Note: 1: 2205 2: 3: Error MSI (s) (98:C0) [09:20:28:480]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 MSI (s) (98:C0) [09:20:28:480]: Product: UniversalForwarder -- Installation failed. MSI (s) (98:C0) [09:20:28:481]: Windows Installer installed the product. Product Name: UniversalForwarder. Product Version: 9.0.1.0. Product Language: 1033. Manufacturer: Splunk, Inc.. Installation success or error status: 1603. MSI (s) (98:C0) [09:20:28:494]: Deferring clean up of packages/files, if any exist MSI (s) (98:C0) [09:20:28:494]: MainEngineThread is returning 1603 MSI (s) (98:00) [09:20:28:494]: No System Restore sequence number for this installation. === Logging stopped: 11/1/2022 9:20:28 === MSI (s) (98:00) [09:20:28:496]: User policy value 'DisableRollback' is 0 MSI (s) (98:00) [09:20:28:496]: Machine policy value 'DisableRollback' is 0 MSI (s) (98:00) [09:20:28:496]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (98:00) [09:20:28:496]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (98:00) [09:20:28:497]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (98:00) [09:20:28:497]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (s) (98:00) [09:20:28:497]: Destroying RemoteAPI object. MSI (s) (98:14) [09:20:28:497]: Custom Action Manager thread ending. MSI (c) (08:4C) [09:20:28:498]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (08:4C) [09:20:28:500]: MainEngineThread is returning 1603 === Verbose logging stopped: 11/1/2022 9:20:28 ===
... View more
10-31-2022
02:50 PM
I downloaded version 9.0.0.1, and 8.2.8 and neither worked for our purposes, as both still resulted in mongDB still installing, is there any other guidance, you can provide, or is this the final verdict?
... View more
10-31-2022
01:25 PM
We tried this, and it failed. It keeps trying to install it as a splunk enterprise instance instead of splunk cloud, is there a flag we can use to make the version of the forwarder into a splunk cloud instance???? Attached is our log file, please provide guidance whenever possible. ``` 10-31-2022 14:44:12.078 -0500 INFO LMStackMgr [0 MainThread] - Initializing CleMgr... 10-31-2022 14:44:12.079 -0500 INFO LicenseMgr [0 MainThread] - Initing LicenseMgr 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - serverName=IT-JMODLIN guid=96BF5E48-20C5-4825-AA20-94D331BD980E 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - connection_timeout=30 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - send_timeout=30 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - receive_timeout=30 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - key=license_warnings_update_interval not found in licenser stanza of server.conf, defaulting=0 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - squash_threshold=2000 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - strict_pool_quota=1 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - key=pool_suggestion not found in licenser stanza of server.conf, defaulting='' 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - key=test_aws_metering not found in licenser stanza of server.conf, defaulting=0 10-31-2022 14:44:12.079 -0500 INFO LMConfig [0 MainThread] - key=test_aws_product_code not found in licenser stanza of server.conf, defaulting=0 10-31-2022 14:44:12.079 -0500 INFO LicenseMgr [0 MainThread] - Initing LicenseMgr runContext_splunkd=false 10-31-2022 14:44:12.079 -0500 INFO LMStackMgr [0 MainThread] - closing stack mgr 10-31-2022 14:44:12.079 -0500 INFO LMSlaveInfo [0 MainThread] - all slaves cleared 10-31-2022 14:44:12.079 -0500 INFO LMStackMgr [0 MainThread] - Initalized license_warnings_update_interval=auto 10-31-2022 14:44:12.079 -0500 INFO LMStackMgr [0 MainThread] - License Manager supports Conditional Licensing Enforcement. For baked in CLE policies, window_period=60 days, max_violations=45, for stack size below 107374182400 bytes 10-31-2022 14:44:12.079 -0500 INFO LMLicense [0 MainThread] - Applying default enforcement policy for free 10-31-2022 14:44:12.079 -0500 INFO LMStackMgr [0 MainThread] - Added policy WinSz=30 Warnings=3 MaxSize=0 isDefault=1 features= for free 10-31-2022 14:44:12.080 -0500 INFO LMLicense [0 MainThread] - Applying default enforcement policy for forwarder 10-31-2022 14:44:12.080 -0500 INFO LMStackMgr [0 MainThread] - Added policy WinSz=30 Warnings=5 MaxSize=0 isDefault=1 features= for forwarder 10-31-2022 14:44:12.081 -0500 INFO LMStack [0 MainThread] - Added type=forwarder license, from file=splunkforwarder.lic, to stack=forwarder of group=Forwarder 10-31-2022 14:44:12.081 -0500 INFO LMLicense [0 MainThread] - Applying default enforcement policy for forwarder 10-31-2022 14:44:12.081 -0500 INFO LMStackMgr [0 MainThread] - created stack='forwarder' 10-31-2022 14:44:12.081 -0500 INFO LMStackMgr [0 MainThread] - Replaced with latest policy WinSz=30 Warnings=5 MaxSize=0 isDefault=1 features= for forwarder 10-31-2022 14:44:12.081 -0500 INFO LMStackMgr [0 MainThread] - Initialized hideQuotaWarning = "0" 10-31-2022 14:44:12.081 -0500 INFO LMStackMgr [0 MainThread] - init completed [96BF5E48-20C5-4825-AA20-94D331BD980E,Forwarder,runContext_splunkd=false] 10-31-2022 14:44:12.081 -0500 INFO LicenseMgr [0 MainThread] - StackMgr init complete... 10-31-2022 14:44:12.081 -0500 INFO LMTracker [0 MainThread] - Setting default product type='enterprise' 10-31-2022 14:44:12.081 -0500 INFO LMTracker [0 MainThread] - this is not splunkd, will perform partial init 10-31-2022 14:44:12.081 -0500 INFO LicenseMgr [0 MainThread] - Tracker init complete... 10-31-2022 14:44:12.086 -0500 INFO KVStorageEngineUpgrade [0 MainThread] - Setting parallelDumpCollectionJobs=0 parallelRestoreCollectionJobs=0 based on max_num_cpus=8 and total_configured_collections=0, insertionWorkersPerCollection=1 as maxInsertionWorkersPerCollection=4 10-31-2022 14:44:12.090 -0500 INFO KVStoreBackupRestore [0 MainThread] - Before KV Store engine migration: KVStoreDbsize=4096 fsBytesFree=90732716032 10-31-2022 14:44:12.090 -0500 WARN SSLOptions [17672 MainThread] - server.conf/[kvstore]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Starting mongod with executable name=mongod-4.0.exe version=kvstore version 4.0 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --dbpath C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\kvstore\mongo 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --storageEngine wiredTiger 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Using cacheSize=2.25GB 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --port 8191 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --timeStampFormat iso8601-utc 10-31-2022 14:44:12.094 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --oplogSize 200 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --keyFile C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\kvstore\mongo\splunk.key 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --setParameter enableLocalhostAuthBypass=0 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --setParameter oplogFetcherSteadyStateMaxFetcherRestarts=0 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Starting mongod in standalone mode 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --bind_ip=0.0.0.0 (all ipv4 addresses) 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslMode requireSSL 10-31-2022 14:44:12.095 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslAllowInvalidHostnames 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Found an existing PFX certificate 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Found an existing PFX certificate 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslCertificateSelector subject=SplunkServerDefaultCert 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslAllowInvalidCertificates 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslAllowConnectionsWithoutCertificates 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslDisabledProtocols noTLS1_0,noTLS1_1 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --sslCipherConfig ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 10-31-2022 14:44:12.321 -0500 INFO MongodRunner [17672 MainThread] - Using mongod command line --noscripting 10-31-2022 14:44:12.326 -0500 ERROR MongodRunner [17672 MainThread] - Failed to start mongod. 10-31-2022 14:59:13.939 -0500 ERROR KVStoreConfigurationProvider [17672 MainThread] - Cannot dump kvstore data reason=Failed to receive response from kvstore error=, service not ready after waiting for timeout=901610ms 10-31-2022 14:59:13.939 -0500 ERROR KVStoreConfigurationProvider [17672 MainThread] - Failed to receive response from kvstore error=, service not ready after waiting for timeout=901610ms 10-31-2022 15:01:27.887 -0500 INFO LMStackMgr [0 MainThread] - Initializing CleMgr... 10-31-2022 15:01:27.888 -0500 INFO LicenseMgr [0 MainThread] - Initing LicenseMgr 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - serverName=IT-JMODLIN guid=DBE7F1CA-C25F-430E-AB8C-DA68B1792CC4 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - connection_timeout=30 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - send_timeout=30 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - receive_timeout=30 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - key=license_warnings_update_interval not found in licenser stanza of server.conf, defaulting=0 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - squash_threshold=2000 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - strict_pool_quota=1 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - key=pool_suggestion not found in licenser stanza of server.conf, defaulting='' 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - key=test_aws_metering not found in licenser stanza of server.conf, defaulting=0 10-31-2022 15:01:27.888 -0500 INFO LMConfig [0 MainThread] - key=test_aws_product_code not found in licenser stanza of server.conf, defaulting=0 10-31-2022 15:01:27.888 -0500 INFO LicenseMgr [0 MainThread] - Initing LicenseMgr runContext_splunkd=false 10-31-2022 15:01:27.888 -0500 INFO LMStackMgr [0 MainThread] - closing stack mgr 10-31-2022 15:01:27.888 -0500 INFO LMSlaveInfo [0 MainThread] - all slaves cleared 10-31-2022 15:01:27.889 -0500 INFO LMStackMgr [0 MainThread] - Initalized license_warnings_update_interval=auto 10-31-2022 15:01:27.889 -0500 INFO LMStackMgr [0 MainThread] - License Manager supports Conditional Licensing Enforcement. For baked in CLE policies, window_period=60 days, max_violations=45, for stack size below 107374182400 bytes 10-31-2022 15:01:27.889 -0500 INFO LMLicense [0 MainThread] - Applying default enforcement policy for free 10-31-2022 15:01:27.889 -0500 INFO LMStackMgr [0 MainThread] - Added policy WinSz=30 Warnings=3 MaxSize=0 isDefault=1 features= for free 10-31-2022 15:01:27.889 -0500 INFO LMLicense [0 MainThread] - Applying default enforcement policy for forwarder 10-31-2022 15:01:27.889 -0500 INFO LMStackMgr [0 MainThread] - Added policy WinSz=30 Warnings=5 MaxSize=0 isDefault=1 features= for forwarder 10-31-2022 15:01:27.891 -0500 INFO LMStack [0 MainThread] - Added type=forwarder license, from file=splunkforwarder.lic, to stack=forwarder of group=Forwarder 10-31-2022 15:01:27.891 -0500 INFO LMLicense [0 MainThread] - Applying default enforcement policy for forwarder 10-31-2022 15:01:27.891 -0500 INFO LMStackMgr [0 MainThread] - created stack='forwarder' 10-31-2022 15:01:27.891 -0500 INFO LMStackMgr [0 MainThread] - Replaced with latest policy WinSz=30 Warnings=5 MaxSize=0 isDefault=1 features= for forwarder 10-31-2022 15:01:27.891 -0500 INFO LMStackMgr [0 MainThread] - Initialized hideQuotaWarning = "0" 10-31-2022 15:01:27.891 -0500 INFO LMStackMgr [0 MainThread] - init completed [DBE7F1CA-C25F-430E-AB8C-DA68B1792CC4,Forwarder,runContext_splunkd=false] 10-31-2022 15:01:27.891 -0500 INFO LicenseMgr [0 MainThread] - StackMgr init complete... 10-31-2022 15:01:27.891 -0500 INFO LMTracker [0 MainThread] - Setting default product type='enterprise' 10-31-2022 15:01:27.892 -0500 INFO LMTracker [0 MainThread] - this is not splunkd, will perform partial init 10-31-2022 15:01:27.892 -0500 INFO LicenseMgr [0 MainThread] - Tracker init complete... 10-31-2022 15:01:27.899 -0500 INFO KVStorageEngineUpgrade [0 MainThread] - Setting parallelDumpCollectionJobs=0 parallelRestoreCollectionJobs=0 based on max_num_cpus=8 and total_configured_collections=0, insertionWorkersPerCollection=1 as maxInsertionWorkersPerCollection=4 10-31-2022 15:01:27.906 -0500 INFO KVStoreBackupRestore [0 MainThread] - Before KV Store engine migration: KVStoreDbsize=4096 fsBytesFree=90669641728 10-31-2022 15:01:27.907 -0500 WARN SSLOptions [17024 MainThread] - server.conf/[kvstore]/sslVerifyServerCert is false disabling certificate validation; must be set to "true" for increased security 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Starting mongod with executable name=mongod.exe version=kvstore version 4.2 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --dbpath C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\kvstore\mongo 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --storageEngine wiredTiger 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using cacheSize=2.25GB 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --port 8191 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --timeStampFormat iso8601-utc 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --oplogSize 200 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --keyFile C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\kvstore\mongo\splunk.key 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --setParameter enableLocalhostAuthBypass=0 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --setParameter oplogFetcherSteadyStateMaxFetcherRestarts=0 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Starting mongod in standalone mode 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --bind_ip=0.0.0.0 (all ipv4 addresses) 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --sslMode requireSSL 10-31-2022 15:01:27.911 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --sslAllowInvalidHostnames 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Found an existing PFX certificate 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Found an existing PFX certificate 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --sslCertificateSelector subject=SplunkServerDefaultCert 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --sslAllowInvalidCertificates 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --sslAllowConnectionsWithoutCertificates 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --tlsDisabledProtocols noTLS1_0,noTLS1_1 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --sslCipherConfig ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 10-31-2022 15:01:28.152 -0500 INFO MongodRunner [17024 MainThread] - Using mongod command line --noscripting 10-31-2022 15:01:28.158 -0500 ERROR MongodRunner [17024 MainThread] - Failed to start mongod. 10-31-2022 15:16:29.657 -0500 ERROR KVStoreConfigurationProvider [17024 MainThread] - Cannot dump kvstore data reason=Failed to receive response from kvstore error=, service not ready after waiting for timeout=901500ms 10-31-2022 15:16:29.657 -0500 ERROR KVStoreConfigurationProvider [17024 MainThread] - Failed to receive response from kvstore error=, service not ready after waiting for timeout=901500ms ```
... View more
10-31-2022
05:56 AM
I saw many posts like this one, looking at install the forwarder using PowerShell, but we need to install it for splunk cloud, will it still work, or will we have to install everything manually?
... View more
10-28-2022
02:44 PM
Hello all,
We are starting to integrate spunk into our systems, and in order to make sure everything goes smoothly we want to write a PowerShell script for the installation.
We use Splunk Cloud, so we are unsure if there is a way to set a PowerShell script to install it across our systems. We would like guidance where possible.
Thank you
... View more
Labels
- Labels:
-
universal forwarder
-
Windows
08-19-2022
01:20 PM
I went ahead and ran the script, and now i get the error {"id":"1","jsonrpc":"2.0","error":{"code":-32602,"message":"Invalid params","data":{"details":"The web server with this URL must support TLS 1.2, at least"}}} is this a problem that i have to take up with bitdefender, or splunk? Thanks, Jackson
... View more
08-18-2022
09:07 AM
I have been following this documentation provided by bitdefender, is this not the one i should be using? https://www.bitdefender.com/business/support/en/77211-171475-splunk.html
... View more
08-17-2022
01:24 PM
Hello, We are using splunk cloud to centralize all our logs, and are currently struggling with Bitdefenders implementation. We have added the HTTP Event Collector, and are now struggling with the final step of sending the logs from Bitdefender to Splunk, When i run the code to connect the two
curl -k -X POST OUR_GRAVITYZONE_API/v1.0/jsonrpc/push -H 'authorization: Basic GRAVITYZONE_API_KEY' -H 'cache-control: no-cache' -H 'content-type: application/json' -d '{
"params": {
"status": 1,
"serviceType": "splunk",
"serviceSettings": {
"url": "https://input-OUR_SPLUNK_CLOUD_LINK:8088/services/collector",
"requireValidSslCertificate": false,
"splunkAuthorization": "Splunk HTTP_EVENT_KEY"
},
"subscribeToEventTypes": {
"hwid-change": true,
"modules": true,
"sva": true,
"registration": true,
"supa-update-status": true,
"av": true,
"aph": true,
"fw": true,
"avc": true,
"uc": true,
"dp": true,
"device-control": true,
"sva-load": true,
"task-status": true,
"exchange-malware": true,
"network-sandboxing": true,
"malware-outbreak": true,
"adcloud": true,
"exchange-user-credentials": true,
"exchange-organization-info": true,
"hd": true,
"antiexploit": true
},
"jsonrpc": "2.0",
"method": "setPushEventSettings",
"id": "1"
}'
}
It returns the Error
{
"id": null,
"jsonrpc": "2.0",
"error": {
"code": -32600,
"message": "Invalid Request",
"data": {
"details": "Invalid or missing request id. Notifications are not supported"
}
}
}
Are there any fixes that we could do to forward our logs from Gravityzone into Splunk Cloud?
... View more
Labels
- Labels:
-
configuration
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-01-2022
11:11 AM
|
