I'm trying to upgrade splunk to the version 6.2 on windows 7 64 bits, it performed a "rollback action" during which I got the message : " splunk Enterprise setup wizard ended prematurely because of an error. Your system has not been modified... "
when i write splunk status on CLI i got the message : "splunkd : unable to obtain status".
Any help please ?? Thanks
Nice to hear i am not alone. I run in exactly the same problem!
I got the same message. I tried to start Splunk using the CLI afterwards, but Splunkweb and Splunkd were no longer installed as services.
I tried the upgrade again and it installed this time, however the Splunk processes now use the local system account instead of the domain account I've been using in previous versions. There were no options presented during the upgrade, the installer just changed it.
Yeah, my services were also removed. Maybe some problem with the new services, as far as i know the splunkd and splunkweb services are combined after the upgrade. I could also find a "splunk.log" in the temp directory of windows that should log the installation progress. It said the installation failed because of some account rights that can not be transfered. But i didn't understand it and can't remember completely. Sadly i can't post it now, because i am at my home computer now.
I should add that my installation is on Windows Server 2008 R2.
Can anyone experiencing this issue supply the MSIxxxxxx.log file? This is normally found in %temp%. In addition there will be a splunk.log there as well (sometime windows puts it in the directory right above %temp%).
I've looked and unfortunately I don't see that file anywhere. The most recent MSI file I have is from when I installed Splunk 6.1.4.
I've emailed you a load of log files that might be relevant to the failed upgrade after testing that on my home PC... no MSIxxxxxx.log file to be found anywhere though.
what build are you upgrading from?
VERSION=6.1.4 BUILD=233537 PRODUCT=splunk PLATFORM=Windows-AMD64
VERSION=6.2.0 BUILD=237341 PRODUCT=splunk PLATFORM=Windows-AMD64
#splunk if you need more info, probably easier...