Splunk Add-on for Microsoft Windows: Failed to ins...

MedralaG · ‎12-08-2017

I can see the following error appearing every minute or one of the hosts with a UF installed.
I have tried removing the app on the UF and restarting it, the app gets re deployed by the DS but its still says it's failing the installation.
The same app is deployed to over 600 hosts and only fails on 3.

12-08-2017 14:20:48.524 +0000 WARN  DeployedApplication - app=Splunk_TA_windows was already installed via search head cluster deployer, UI, CLI, or REST API; it may not be overridden via deployment server; remove existing app=Splunk_TA_windows via search head cluster deployer, UI, CLI, or REST API if you wish to install it via deployment server host =   XXXXXXXXXX source =           C:\Program Files\SplunkUniversalForwarder\var\log\splunk\splunkd.log sourcetype =            splunkd

htidore · ‎12-09-2017

Just by reading the error message, it seems that your UF may also be pointing to a Deployer. Check the forward-server list of the UF.

MedralaG · ‎12-11-2017

We don't have a Deployer in that environment.
What do you mean by the firward-server list?
As in the list of servers in the outputs.conf?

htidore · ‎12-11-2017

Take a look at this thread.
https://answers.splunk.com/answers/319215/after-upgrading-windows-forwarders-from-splunk-611.html

If the UF is newly upgraded, it could be the case of manual upgrade includes auto creation of TA_windows.

Splunk Add-on for Microsoft Windows: Failed to install app

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!