Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

Deployment Splunk Universal Forwader

$
0
0
Hello, I would like to deploy the Splunk Universal Forwarder to a batch of servers (150). I will use SCCM, What is the best practice to do so: 1. by a command line through the deployment of application: "---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------" ::splunk installer reg query "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT if %OS%==32BIT GOTO Run32 if %OS%==64BIT GOTO Run64 :Run64 msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" LOGON_USERNAME=AD\yyyyyyyy LOGON_PASSWORD=xxxxxxx WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_FWD_ENABLE=1 WINEVENTLOG_SET_ENABLE=1 AGREETOLICENSE=Yes DEPLOYMENT_SERVER=" lopsplkap02:8089 " /quiet Set MSIError=%Errorlevel% GOTO End :Run32 msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER=" lopsplkap02:8089 " /quiet Set MSIError=%Errorlevel% :End exit /B %MSIError% "---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------" then adding the switches in the command line: :: ::PERFMON=,,... or using a limited command line : "---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------" ::splunk installer reg query "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE | find /i "x86" > NUL && set OS=32BIT || set OS=64BIT if %OS%==32BIT GOTO Run32 if %OS%==64BIT GOTO Run64 :Run64 msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER=" lopsplkap02:8089 " /quiet Set MSIError=%Errorlevel% GOTO End :Run32 msiexec /i "%~dp0splunkforwarder-7.0.3-fa31da744b51-x64-release.msi" AGREETOLICENSE=Yes DEPLOYMENT_SERVER=" lopsplkap02:8089 " /quiet Set MSIError=%Errorlevel% :End exit /B %MSIError% "---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------" and then copying file like "---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------" inputs.conf: [WinEventLog://Application] disabled = 0 index = wineventlog [WinEventLog://Security] disabled = 0 index = wineventlog [WinEventLog://System] disabled = 0 index = wineventlog [WinEventLog://Setup] checkpointInterval = 60 current_only = 0 disabled = 0 start_from = oldest index = wineventlog -- Memory [perfmon://Memory] counters = Committed Bytes; Available MBytes; Available Bytes disabled = 0 interval = 300 object = Memory useEnglishOnly=true index = perfmon -- Network [perfmon://Network] counters = Bytes Total/sec; Current Bandwidth; Bytes Received/sec; Bytes Sent/sec disabled = 0 instances = * interval = 300 object = Network Interface useEnglishOnly=true index = perfmon -- Process [perfmon://Process] counters = % Processor Time; Working Set; Working Set - Private disabled = 0 instances = * interval = 300 object = Process useEnglishOnly=true index = perfmon -- Logical Disk [perfmon://LogicalDisk] counters = % Free Space; % Disk Time; Current Disk Queue Length; Avg. Disk sec/Transfer; Free Megabytes disabled = 0 instances = * interval = 300 object = LogicalDisk useEnglishOnly=true index = perfmon -- CPU [perfmon://CPU] counters = % Processor Time; % User Time disabled = 0 instances = * interval = 300 object = Processor useEnglishOnly=true index = perfmon -- [perfmon://PhysicalDisk] counters = Free Megabytes;% Free Space instances = _Total interval = 3600 object = LogicalDisk disabled = 0 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ and also w wmi.conf ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ -- Lists all services registered on the system,if they are running,and the status [WMI:Service] disabled = 0 interval = 3600 wql = SELECT Name, Caption, State, Status, StartMode, StartName, PathName, Description FROM Win32_Service index = main ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- What is the best path to do it? if it is the second solution how to "link" the files to the command line...? Thanks, Dom

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>