1. Knowledge Base
  2. Information Security
  3. How can I install Splunk universal forwarder on Windows?

How can I install Splunk universal forwarder on Windows?

Prerequisites to Installation

Command Line Instructions

Installation via command line is long, but straightforward.
 
msiexec.exe /i "C:\TEMP\splunkforwarder-9.0.0.1-9e907cedecb1-x64-release.msi" WINEVENTLOG_APP_ENABLE=0 WINEVENTLOG_SEC_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 WINEVENTLOG_FWD_ENABLE=0 WINEVENTLOG_SET_ENABLE=0 AGREETOLICENSE=Yes SERVICESTARTTYPE=auto DEPLOYMENT_SERVER="deployment.splunk.uic.edu:8089" /norestart /l*v "%windir%\Logs\splunkUF_9.0.0.1.log" /quiet
NOTE:  
C:\TEMP\splunkforwarder-9.0.0.1-9e907cedecb1-x64-release.msi is where you keep downloaded Universal forwarder package.
 

Install a Windows universal forwarder from an installer

  1. Double-click the MSI file to start the installation.

  2. The first screen of the installer should pop-up. Select the Check this box to accept the License Agreement check box and the check box for either Splunk Enterprise or Splunk Cloud.

  3. To change any of the default installation settings, click the "Customize Options" button. See the following steps. Otherwise, click Next.

    1. (Optional) In the Destination Folder dialog box, click Change to specify a different installation directory.

    2. On the Certificate Information page, click Next as a best practice. Do not specify any parameters.

    3. As a best practice, run the Universal Forwarder as the Local System user and click Next. See "Install as a low-privilege user" for information about securing your system when installing as a local user.

    4. (Optional) Select one or more Windows inputs from the list and click Next.

  4. Create a username and password for your Universal Forwarder administrator account. Check Generate random password to let Splunk generate a password for you.

  5. Do at least one of the following two steps:

    • In the Deployment Server pane, enter deployment.splunk.uic.edu and management port 8089 for the deployment server that you want the universal forwarder to connect to and click Next.

    • In the Receiving Indexer pane, leave it empty for the receiving indexer that you want the universal forwarder to send data to and click Next.

  6. Click Install to proceed with the installation. The installer runs and displays the Installation Completed dialog box. The universal forwarder automatically starts.

  7. From Windows Control Panel, confirm that the SplunkForwarder service runs.

 

 

Details

Article ID: 876
Created
Fri 1/15/21 6:12 PM
Modified
Mon 2/13/23 12:20 PM