![]() Start "%%h Splunkforwarder Install" cmd /c psexec \\%%h -u %1 -p %2 -c install-from-remote.bat > %%h-output.txtįrom a cmd prompt in the directory with all the shares you run it with administrator credentials: multiple-install.bat domain\username password Rem run with: multiple-install.bat domain\username passwordĮcho Output being sent to multiple-install-splunk-output.txtįor /f "delims=" %%h in (nodenames.txt) do ( Put psexec either in your path, or in the directory you will launch from (which may as well be the share in order to keep it all in one place).Ĭreate a nodenames.txt with the hostnames or IP’s of every server you want to install onto. Now you need psexec which is part of the incredibly useful sysinternals stuff that were so useful that Microsoft absorbed them (if only they would put them on all server installs by default – the Sysinternals Process Explorer is so much better than task manager). IF NOT EXIST K:\file-exists.txt GOTO NONETDRV Rem Check for random batch file on K to check mapping worked Rem change the drive to something that *shouldn't* clash on the network or hardware Rem change the path to the share on the machine with the batch files and splunkforwarder msi files: Now – this is useful enough when you map a drive in explorer and run a command window on a server – however you can then use some quick scripting and the incredibly useful psexec command to roll it out to multiple servers at once.įirst off you need a batch file that will be run on each remote host and can call the splunk forwarder install from across the network – note you need a random batch file (here called “file-exists.txt”) that exists in the root of the share to check it mapped the drive off Note that if you are putting this onto a VM template then set the LAUNCHSPLUNK to 0 and add CLONEPREP=1 ![]() ![]() Splunkforwarder-6.1.1-207789-x86-release.msi INSTALLDIR="c:\Program Files\SplunkUniversalForwarder" AGREETOLICENSE=Yes MIGRATESPLUNK=0 RECEIVING_INDEXER="" DEPLOYMENT_SERVER="deployhostname:8089" WINEVENTLOG_APP_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 SERVICESTARTTYPE=auto LAUNCHSPLUNK=1 /quiet Splunkforwarder-6.1.1-207789-圆4-release.msi INSTALLDIR="c:\Program Files\SplunkUniversalForwarder" AGREETOLICENSE=Yes MIGRATESPLUNK=0 RECEIVING_INDEXER="" DEPLOYMENT_SERVER="deployhostname:8089" WINEVENTLOG_APP_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 SERVICESTARTTYPE=auto LAUNCHSPLUNK=1 /quiet If "%programfiles(x86)%XXX"="XXX" goto 32BIT Put both the 64 bit and 32 bit versions of the Splunk Forwarder onto a windows share that you can reach (read only is fine) from any machine in the network.Ĭreate a install-splunkforwarder.bat – replacing the deployhostname with the hostname you want (or if you aren’t using it then fill in the indexing host and the event logs to monitor:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |