How to distribute splunk.secret to Windows Heavy Forwarders

mas
Path Finder

Hello guys,

We are going to install two Heavy Forwarders on Windows 2012 R2 servers. The remaining instances of Splunk, which build up our distributed architecture, are running on SLES.

As usual, according to best practices, I was trying to distribute our "master" splunk.secret file to new Heavy Forwarders hosted on Windows servers.

I tried to install Splunk using the following command line:

msiexec.exe /i splunk-<...>-x64-release.msi AGREETOLICENSE=Yes WEB_PORT= DEPLOYMENT_SERVER="" LAUNCHSPLUNK=0 INSTALL_SHORTCUT=0

As expected, the "splunkd" service did not start when installation finished, but unluckily a new splunk.secret was automatically created and contents were encrypted using it.

So I tried an interactive installation with only the "LAUNCHSPLUNK=0" flag and I monitored the file system: I noticed that the splunk.secret and the encrypted files are created at the same exact time, before the service is started.

QUESTION: is it possible to install Splunk on Windows without the creation of a new splunk.secret and the subsequent encryption of data with it, in the same way it is possible in Linux?

Thank you!


cmutt78
Explorer

I got it to work, but it took a little digging. My command was:

msiexec.exe /i splunk-6.5.1-f74036626f0c-x64-release.msi AGREETOLICENSE=Yes DEPLOYMENT_SERVER="server:8089" LAUNCHSPLUNK=0 INSTALL_SHORTCUT=0 INSTALLDIR="D:\Program Files\Splunk"

When the install completed, Splunk was not started but as you mention there was a splunk.secret that encrypted a single entry for sslPassword in the server.conf. I sync'd that entry with the system where my splunk.secret came from and I now have it working.

Hope this helps.
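One way to script the two steps described in the answer above, as an added example that is not part of the original posts. The staging paths are hypothetical, and the script assumes the standard layout under INSTALLDIR (`etc\auth\splunk.secret`, and the `sslPassword` entry under `[sslConfig]` in `etc\system\local\server.conf`).

```powershell
# Added example. Paths below are assumptions; adjust them to your environment.
$SplunkHome   = 'D:\Program Files\Splunk'   # INSTALLDIR used in the answer above
$MasterSecret = 'C:\staging\splunk.secret'  # hypothetical copy of the "master" secret
$MasterConf   = 'C:\staging\server.conf'    # hypothetical copy of server.conf from the same source system
$secretPath   = Join-Path $SplunkHome 'etc\auth\splunk.secret'
$confPath     = Join-Path $SplunkHome 'etc\system\local\server.conf'

# Only work on a stopped instance (the install used LAUNCHSPLUNK=0).
$svc = Get-Service -Name splunkd -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -ne 'Stopped') { throw 'splunkd is running; stop it first.' }

function Get-SslPasswordLine([string]$Path) {
    # Return the sslPassword line of the [sslConfig] stanza, or $null if absent.
    $inStanza = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $inStanza = ($Matches[1] -ceq 'sslConfig'); continue }
        if ($inStanza -and $line -match '^\s*sslPassword\s*=') { return $line }
    }
    return $null
}

$masterLine = Get-SslPasswordLine $MasterConf
if (-not $masterLine) { throw "No sslPassword under [sslConfig] in $MasterConf" }
if (-not (Get-SslPasswordLine $confPath)) { throw "No sslPassword under [sslConfig] in $confPath" }

# Keep the installer-generated files so the change can be rolled back.
Copy-Item -LiteralPath $secretPath -Destination "$secretPath.installer.bak"
Copy-Item -LiteralPath $confPath   -Destination "$confPath.installer.bak"

# 1) Replace the auto-generated secret with the master one.
Copy-Item -LiteralPath $MasterSecret -Destination $secretPath -Force

# 2) Replace the sslPassword value encrypted with the old secret by the source system's value.
$inStanza = $false
$newConf = foreach ($line in Get-Content -LiteralPath $confPath) {
    if ($line -match '^\s*\[(.+)\]\s*$') { $inStanza = ($Matches[1] -ceq 'sslConfig') }
    if ($inStanza -and $line -match '^\s*sslPassword\s*=') { $masterLine } else { $line }
}
Set-Content -LiteralPath $confPath -Value $newConf

# 3) Confirm the deployed secret is byte-identical to the master copy before first start.
$deployed = (Get-FileHash -LiteralPath $secretPath -Algorithm SHA256).Hash
$expected = (Get-FileHash -LiteralPath $MasterSecret -Algorithm SHA256).Hash
if ($deployed -ne $expected) { throw 'splunk.secret does not match the master copy.' }
Write-Output 'splunk.secret and sslPassword synced; remove the staging copies, then start splunkd.'
```

Because splunk.secret decrypts every stored credential on instances that share it, keep the staging copies readable by administrators only and delete them once the hash check passes.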


mas
Path Finder

Thank you cmutt78, your solution is working.

By the way: there is some additional, useful information at this link: https://wiki.splunk.com/Community:Run_multiple_Splunks_on_one_machine (this is specific for multiple Splunk instances on the same box).
