Getting Data In
Highlighted

Does Splunk Windows installer generates any logs during the install process?

Splunk Employee
Splunk Employee

Splunk Windows installer, the msi package, is used to install new Splunk instances or upgrade/update existing Splunk instances. Does the installer generate any logs, and if so where are they located?

Highlighted

Re: Does Splunk Windows installer generates any logs during the install process?

Splunk Employee
Splunk Employee

I am not certain if it does so by default for successful installations, but you can control the logging level and location of the log files by providing command line options using the /l switch if you run the Splunk installer using msiexec.exe. More information is here: http://support.microsoft.com/kb/227091

An excerpt is here, and can also be displayed from Windows by calling msiexec.exe /?

/l      [i|w|e|a|r|u|c|m|p|v|+|!]Logfile          Specifies the log 
                                                  file path and
                                                  indicates the flags 
                                                  to be logged.

                                                  i - Status messages.

                                                  w - Non-fatal warnings.

                                                  e - All error messages.

                                                  a - Startup of actions.

                                                  r - Action-specific
                                                  records

                                                  u - User requests.

                                                  c - Initial User
                                                  Interface (UI) 
                                                  parameters

                                                  m - Out-of-memory.

                                                  p - Terminal properties.

                                                  v - Verbose output.

                                                  + - Appends to the
                                                  existing file.

                                                  ! - Clears each line in
                                                  the log file.

                                                  "*" - Wildcard.
                                                  Logs all information,
                                                  but the use of the v
                                                  option is not included.
                                                  To include the v option,
                                                  type "/l*v."

View solution in original post

Highlighted

Re: Does Splunk Windows installer generates any logs during the install process?

Splunk Employee
Splunk Employee

An example of how to use this would be -

`C:\Downloads> msiexec /i splunk-4.1.1-78212-x86-release.msi /lv C:\tmp\splunkInstall.log

This is only necessary on Win 2003 and earlier, by default Vista and 2008 will create a log automatically in the 'Temp' directory. Hit 'Start/Run' and type '%Temp% to bring it up in Explorer

Highlighted

Re: Does Splunk Windows installer generates any logs during the install process?

Splunk Employee
Splunk Employee

As mentioned by gkanapathy and Mick at install time the MSI engine logs the install and uninstall activity of Splunk installer. In 2003/XP you'll have to enable this by running the installer via the msiexec and using the "-l" option. On Vista/2008/Win7 this happens by default and the log file typically is named like "MSIfb94.log". In addition to the MSI engine logging, Splunk install code also logs its activity too. Those log lines start with "* ", eg:

*** EnableBootStartInvisible: Start  
MSI (s) (90!9C) [15:31:55:280]: Creating MSIHANDLE (46) of type 790531 for thread 4764  
*** _LaunchAppEx: Create process executing: cmd.exe /c ""C:\Program Files\Splunk\bin\splunk.exe" enable boot-start-loop --answer-yes --no-prompt --accept-license >> C:\Users\ledio\AppData\Local\Temp\Splunk-107.1.14133.log 2>>&1"  
*** _LaunchAppEx: WaitForSingleObject retval=0, exitCode=0  
MSI (s) (90!9C) [15:32:26:983]: Creating MSIHANDLE (50) of type 790531 for thread 4764  
*** EnableBootStartInvisible: Finished  

Another log file created during install time and stored in %temp% is one that captures the STDOUT of every Splunk command executed during the install process and that includes commands like:

splunk.exe enable boot-start
splunk.exe start
splunk.exe stop
...

If the installer failed for any reason these are the two files you'll need to be paying attention too.

Cheers,
Ledio