How can I install Splunk universal forwarder on Windows?
Prerequisites to installation
Create a firewall rule to allow tcp and upd traffic over ports 9997 to indexer.cc.uic.edu (18.104.22.168) and 8089 deployment.splunk.uic.edu (22.214.171.124).
Confirm that you can reach the splunk servers by attempting to telnet to each server on its respective port.
Create a service account for splunk. We recommend the username to be "splunk."
Splunk installations require a password for the splunk service which should be different than the splunk user service account password.
Download the Windows MSI Splunk installer from https://uofi.app.box.com/splunk
Command line instructions
Installation via command line is long, but straightforward.
msiexec /i LAUNCHSPLUNK=1 DEPLOYMENT_SERVER=deployment.splunk.uic.edu:8089 AGREETOLICENSE=Yes SERVICESTARTTYPE=auto WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_FWD_ENABLE=1 WINEVENTLOG_SET_ENABLE=1 SPLUNKPASSWORD=password /l*v c:\windows\temp\splunkUF.log /quiet
Please modify the above to use your own password.
NOTE: The password you use isn't for an account that exists in AD and doesn't need to exist for an account that's local to the machine. However, you may require this password to complete certain actions with Splunk so be sure to remember it.
Right-click on the installation file and choose Install.
1. Click on "Check this box to accept the License Agreement", then click Next.
2. Enter in a password for the application and press Next.
3. Enter in deployment.splunk.uic.edu for Hostname and 8089 for the port. Select Next.
4. No input required on this screen. Select Next.
5. No input required. Select Install.
6. Visual feedback is shown as the program installs.
7. Several informational buttons are presented. Select Finish to complete the install.