Getting Data In

splunkd windows service marked for deletion after upgrade

yazapage
Explorer

I upgraded from Splunk 3.4.9 to 4.0.1 and then to 4.1.5 using localsystem as the account.

After I upgraded the second time the splunkd service was disabled.

I tried to reactivate after changing to a domain account (with the appropriate permissions). The service is "marked for deletion" and will not allow me to change user accounts or start.

Where do I go from here? Do I need to start my upgrades all over again?

1 Solution

Ledio_Ago
Splunk Employee

Yazapage,

It seems like the "splunkd" Windows service is stuck in an un-deterministic state. First of all, once Splunk is running as a Local System user, all of the files created at run time will be owned by that user. Switching to a Domain user account will not do any good. I suggest you switch both services, including splunkweb, back to Local System user again.

As far as the splunkd service, you may need to reboot the machine for the Windows service manager to release that service. Once the machine comes back up online again, the service manager will have deleted the service, and you'll need to create another one.

As far as splunkweb, just open the service manager and tell the splunkweb service to run as Local System user.

Since the splunkd service is deleted now, to create it again open a terminal and go to the Splunk home bin directory, e.g.:

cd c:\Program Files\Splunk\bin

From there run:

splunk enable boot-start

This command will try to create both services, splunkd and splunkweb, all over again.

Start splunk:

splunk start

Let us know how it goes.

Thanks, Ledio

yazapage
Explorer

The services were recreated properly after I rebooted and ran the "splunk enable boot-start" command.
Now I have some other issues.

0 Karma

malmoore
Splunk Employee

Services marked for deletion won't be accessible until the server is restarted. After you bounce the box you should be able to create the service again.

0 Karma
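
A read-only PowerShell check for the state discussed in this thread, added here as an example and not part of any post above. It reports whether splunkd and splunkweb are still registered, whether Windows has flagged them for deletion, and which account and start type they are configured with. The DeleteFlag, ObjectName and Start registry values are standard Windows service settings and do not come from the thread.

```powershell
# Added example (not from the thread): inspect the two services named above.
# Nothing is modified; the script only reads the service registry keys.
$serviceNames = 'splunkd', 'splunkweb'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $serviceNames) {
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $row = [ordered]@{
        Service = $name; Registered = $false; MarkedForDeletion = $false
        Account = $null; StartType = $null; Status = $null
    }
    if (Test-Path -Path $keyPath) {
        $props = Get-ItemProperty -Path $keyPath
        $valueNames = $props.PSObject.Properties.Name
        $row.Registered = $true
        # DeleteFlag = 1 means the service is pending deletion and cannot be
        # reconfigured or started until Windows releases it.
        $row.MarkedForDeletion = ($valueNames -contains 'DeleteFlag') -and ($props.DeleteFlag -eq 1)
        # ObjectName is the logon account, e.g. LocalSystem or DOMAIN\user.
        if ($valueNames -contains 'ObjectName') { $row.Account = $props.ObjectName }
        if ($valueNames -contains 'Start') { $row.StartType = $startTypes[[int]$props.Start] }
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $row.Status = $svc.Status }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# Map each finding to the step given in the thread.
foreach ($r in $report) {
    if ($r.MarkedForDeletion) {
        Write-Warning "$($r.Service): marked for deletion. Reboot, then run 'splunk enable boot-start'."
    } elseif (-not $r.Registered) {
        Write-Warning "$($r.Service): not registered. Run 'splunk enable boot-start' from the Splunk bin directory."
    } elseif ($r.StartType -eq 'Disabled') {
        Write-Warning "$($r.Service): registered but disabled."
    }
}
```

Running it before the reboot, after the reboot, and again after `splunk enable boot-start` shows each stage of the recovery and confirms which account the recreated services run as.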