![]() servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections REDACTED:9997 forwarded-server already presentĬ:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest -noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/inputs/win-event-log-collections/localhost lookup_host=localhost^&logs=Application^&logs=Security^&logs=System^&logs=ForwardedEvents^&logs=Setup > "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1" Other than a few of these types of details "input type=perfmon because it already exists" still unsure of the problem:Ĭ:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" cmd splunkd rest -noauth POST /servicesNS/nobody/SplunkUniversalForwarder/data/outputs/tcp/server "name=REDACTED:9997" > "C:\Users\control\AppData\Local\Temp\splunk.log" 2>&1"Ĭache-Control: no-store, no-cache, must-revalidate, max-age=0 ![]() The logs don't seem to have any intel I find useful, but maybe you all have a better secret decoder ring? Regardless that the log states "SplunkForwarder already exists" there is no current installation of the forwarder (but I have attempted it several times) ![]() I've installed the forwarded on several other domain controllers in our environment but these last 2 keep failing, throwing the all too enigmatic "setup ended prematurely" error.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |