Running windows 2008 64bit , simply wanted to upgrade as it was prompting me too and got annoying so I did now it's busted :). That's what I get for using free version.
Windows Event error:
Log Name: Application
Source: Application Error
Date: 11/6/2014 2:57:34 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Description:
Faulting application name: splunkd.exe, version: 1538.0.0.40733, time stamp: 0x5448464d
Faulting module name: splunkd.exe, version: 1538.0.0.40733, time stamp: 0x5448464d
Exception code: 0xc0000005
Fault offset: 0x000000000046e213
Faulting process id: 0xcd8
Faulting application start time: 0x01cff9fbe8441f46
Faulting application path: R:\Splunk\bin\splunkd.exe
Faulting module path: R:\Splunk\bin\splunkd.exe
Report Id: 2603b6b2-65ef-11e4-a63b-005056983db8
Event Xml:
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-11-06T19:57:34.000000000Z" />
<EventRecordID>9372</EventRecordID>
<Channel>Application</Channel>
<Security />
<Data>splunkd.exe</Data>
<Data>1538.0.0.40733</Data>
<Data>5448464d</Data>
<Data>splunkd.exe</Data>
<Data>1538.0.0.40733</Data>
<Data>5448464d</Data>
<Data>c0000005</Data>
<Data>000000000046e213</Data>
<Data>cd8</Data>
<Data>01cff9fbe8441f46</Data>
<Data>R:\Splunk\bin\splunkd.exe</Data>
<Data>R:\Splunk\bin\splunkd.exe</Data>
<Data>2603b6b2-65ef-11e4-a63b-005056983db8</Data>
Managed to upgrade to 6.2.x... for some reason I had to use local systems account during install process did not like using domain account we had assigned.
Managed to upgrade to 6.2.x... for some reason I had to use local systems account during install process did not like using domain account we had assigned.
I validated that config.xml file and all I see in the file is 1 line
null null null null.....
Did the required steps, but still no go...
R:\Splunk\bin>splunk restart
Splunkd: Stopped
Splunk> The Notorious B.I.G. D.A.T.A.
Checking prerequisites...
Checking mgmt port [8089]: open
Checking configuration... Error while parsing 'R:\Splunk\etc\modules\int
ernal\scheduler\config.xml':
not well-formed (invalid token): line 1, column 0
There were problems with the configuration files.
Would you like to ignore these errors? [y/n]:
I click Y and tons of errors... (a small clip)
Checking critical directories... Done
[build 237341] 2014-11-10 08:40:31
Access violation, cannot read at address [0x0000000000000010]
Exception address: [0x000000013FB8E213]
Crashing thread: Main Thread
MxCsr: [0x0000000000001FA0]
SegDs: [0x000000000000002B]
SegEs: [0x000000000000002B]
SegFs: [0x0000000000000053]
SegGs: [0x000000000000002B]
SegSs: [0x000000000000002B]
SegCs: [0x0000000000000033]
EFlags: [0x0000000000010202]
Rsp: [0x00000000002DE120]
Rip: [0x000000013FB8E213] ?
Dr0: [0x0000000000000000]
Dr1: [0x0000000000000000]
Dr2: [0x0000000000000000]
Dr3: [0x0000000000000000]
Dr6: [0x0000000000000000]
Dr7: [0x0000000000000000]
Rax: [0x0000000000000000]
Rcx: [0x0000000000000000]
Rdx: [0x00000000002DE208]
Rbx: [0x00000001412AE090]
Rbp: [0x00000000002DEAA0]
Rsi: [0x0000000000000000]
Rdi: [0x0000000000000000]
R8: [0x000007FEF57065A0]
R9: [0x0000000000000000]
R10: [0x0000000000000000]
R11: [0x00000000002DE100]
R12: [0x0000000000000000]
R13: [0x0000000000000002]
R14: [0x00000001412AE090]
R15: [0x0000000000000000]
DebugControl: [0x00000000004448D0]
LastBranchToRip: [0x0000000000000000]
LastBranchFromRip: [0x0000000000000000]
LastExceptionToRip: [0x0000000000000000]
LastExceptionFromRip: [0x0000000000000000]
OS: Windows
Arch: x86-64
Backtrace:
Splunk ran as local administrator /6.1 Service Pack 1
GetLastError(): 0
Executable module base: 0x000000013F720000
argv: [R:\Splunk\bin\splunkd validatedb]
The very first thing i would do is re-apply default security.
Now open a dos prompt and issues a Splunk Restart from R:\Splunk\bin
Important note: Use dos to restart the splunk processes as it will display errors or other warnings you might have missed by using service manager.