We have been trying to restart splunk services on a forwarder as it had stopped working some time back, but when you try any option (start/stop), splunk seems to enter an upgrade setup and the following message turns up:
Do you agree with this license? [y/n]: y
This appears to be an upgrade of Splunk.
--------------------------------------------------------------------------------)
Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk's installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a .deprecated extension.
You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:
If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose 'y'.
If you want to see what changes will be made before you proceed with the
upgrade, choose 'n'.
Perform migration and upgrade without previewing configuration changes? [y/n] n
-- Migration information is being logged to '/apps/splunk/var/log/splunk/migration.log.2015-04-23.11-49-27' --
Migrating to:
VERSION=6.1.2
BUILD=213098
PRODUCT=splunk
PLATFORM=Linux-x86_64
********** BEGIN PREVIEW OF CONFIGURATION FILE MIGRATION **********
An error occurred: In order to migrate, Splunkd must not be running.
[splunkadm@s220823vaps7016 bin]$
Has anyone else faced this? Please suggest what can be done to fix this. Please note this is happening on only the particular forwarder.
Seriously? How is this check performed and why isn't it working properly? I'm seeing this as well--looks like a bug to me!
What's more it keeps happening even if I agree to the 'upgrade', which does nothing, because there isn't one.
Hi saikatr
- retry stopping splunkd
- if it already no work just copy all your apps which are in app directory
- then uninstall splunk instance and re install another instance.
I am getting this with the docker container version of the splunk forwarder. I'm struggling to find a proper and consistent fix.