Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the Windows universal forwarder not showing in forwarder management?

Rebeccakettler
Path Finder
‎04-18-2018 09:41 AM

I am trying to create a new universal package for our windows servers. The log data from our test server is showing up in Splunk the way it should; however, I don't see the server name in Forwarder Management. Our old package which was "lost" did populate the forwarder management list.
Any troubleshooting recommendations or advice?
We do not have server classes or apps configured in the deployment server at this time. The current forwarders only show as clients.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Rebeccakettler
Path Finder
‎05-18-2018 10:44 AM

Ended up just using the second string with a few additional windows logs enabled. No deployment server. We can alter the config with out patching system so we will continue to do that for now.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Rebeccakettler
Path Finder
‎05-18-2018 10:44 AM

Ended up just using the second string with a few additional windows logs enabled. No deployment server. We can alter the config with out patching system so we will continue to do that for now.

0 Karma
Reply
Solved! Jump to solution

Rebeccakettler
Path Finder
‎04-20-2018 04:01 AM

msiexec.exe /i "splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" ALLUSERS=1 /qn /norestart /log output.log RECEIVING_INDEXER="indexer:9997" DEPLOYMENT_SERVER="indexer:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_APP_ENABLE=1 SERVICESTARTTYPE=auto LAUNCHSPLUNK=1 AGREETOLICENSE=Yes

This did not get any data into splunk. 😞 So it was a step back. I replaced the real name of our indexer with just indexer.

This got data into splunk but did not show up in the forwarder manager.

msiexec.exe /i splunkuniversalforwarder_x86.msi RECEIVING_INDEXER="indexer1:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...