Install fails with Splunk host defined, no data coming out

I am installing the 64-bit MSI on a brand new Windows 10 machine. If I specify the Splunk host during the install, I get an error stating "verify that you have sufficient privileges to start system services". I did quite a bit of troubleshooting and Google-diving, and I found an old support post here where someone was able to get past the install by leaving the host blank.

I did the same thing and now the service is running. I edited uberAgent.conf, and under the [Receiver] section changed the "Servers" line to reflect my IP address and port. I left everything else default.

[Receiver]
Name = Default
Type = Splunk
Protocol = TCP
Servers = 192.168.123.123:19500
RESTToken =

The only line I changed is the "Servers" line. I restarted the service and rebooted the host. I did get the UA splash screen at one point, but I do not have any data coming into my Splunk or out of the Windows 10 machine. I see nothing at all coming from it on port 19500, and nothing that looks like UA data (per Wireshark) on any other port/destination.

I feel like the part of the install that I had to skip by is probably the problem, but I don't know how to proceed. Any advice would be appreciated. Thank you.
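
An added example, not part of the original post or the vendor's tooling: a PowerShell check that reads a [Receiver] stanza like the one posted above and tests whether each Servers endpoint accepts a TCP connection from this machine. It assumes Servers is a comma-separated list of host:port entries; the helper name Get-ReceiverServers and the sample text are constructed for illustration.

```powershell
# Added example (not vendor code). Get-ReceiverServers is a hypothetical helper.
# Assumption: "Servers" holds one or more comma-separated host:port entries.
function Get-ReceiverServers {
    param([string[]]$Lines)
    $inReceiver = $false
    $found = @()
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Track the current stanza; only [Receiver] is of interest.
            $inReceiver = ($Matches[1] -eq 'Receiver')
            continue
        }
        if ($inReceiver -and $line -match '^Servers\s*=\s*(.*)$') {
            $entries = $Matches[1].Split(',')
            foreach ($entry in $entries) {
                $entry = $entry.Trim()
                if ($entry -match '^(?<addr>[^:\s]+):(?<port>\d+)$') {
                    $found += [pscustomobject]@{ Address = $Matches['addr']; Port = [int]$Matches['port'] }
                } elseif ($entry -ne '') {
                    Write-Warning "Servers entry is not host:port: '$entry'"
                }
            }
        }
    }
    if ($found.Count -eq 0) { Write-Warning 'No usable Servers entry found in [Receiver].' }
    return $found
}

# Constructed sample, copied from the stanza in the post.
# For a real check, pass the output of Get-Content on your uberAgent.conf instead.
$sample = @'
[Receiver]
Name = Default
Type = Splunk
Protocol = TCP
Servers = 192.168.123.123:19500
RESTToken =
'@ -split "`r?`n"

foreach ($s in Get-ReceiverServers -Lines $sample) {
    # Test-NetConnection performs a TCP connect; TcpTestSucceeded is $true if the port answers.
    $r = Test-NetConnection -ComputerName $s.Address -Port $s.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Server = "$($s.Address):$($s.Port)"; TcpReachable = $r.TcpTestSucceeded }
}
```

A TcpReachable value of False points at the network path or the listener on the Splunk side; True with no data arriving points back at the agent and its configuration.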

2 comments

  • Dominik Britz

    Forwarded this to our support system as we need log files that may contain sensitive information.

  • Dominik Britz

    Solved by changing the config file after the fact
