Had Splunk Enterprise 7 running and recently updated to 8.1.2. After going over the fundamentals video I wanted to install using customize and Active directory on my Server 2016 Active Directory server. So I removed Splunk and tried to reinstall using the customize. It get most of the way done and then it does a rollback. Looked in C:\Program files\Splunk for logs and found Splunkd-utility
02-16-2021 14:49:56.946 -0500 INFO loader - Getting configuration data from: C:\Program Files\Splunk\etc\myinstall\splunkd.xml
02-16-2021 14:49:56.947 -0500 INFO loader - SPLUNK_MODULE_PATH environment variable not found - defaulting to C:\Program Files\Splunk\etc\modules
02-16-2021 14:49:56.947 -0500 INFO loader - loading modules from C:\Program Files\Splunk\etc\modules
02-16-2021 14:49:56.951 -0500 INFO loader - Writing out composite configuration file: C:\Program Files\Splunk\var\run\splunk\composite.xml
02-16-2021 14:49:56.972 -0500 WARN Pstacks - Backtracing is not initialized - GeneratePstacksAction cannot be used..
02-16-2021 14:49:56.972 -0500 WARN WatchdogActions - Initialization failed for action=pstacks. Deleting.
02-16-2021 14:49:56.972 -0500 INFO loader - Service "Splunkd" does not exist
02-16-2021 14:49:56.972 -0500 INFO loader - Skipping validation of index paths because may not be running as the correct user
02-16-2021 14:49:56.972 -0500 INFO loader - Validated 10 indexes in 0 microseconds
02-16-2021 14:49:57.235 -0500 INFO ServerConfig - Found no hostname options in server.conf. Will attempt to use default for now.
02-16-2021 14:49:57.235 -0500 INFO ServerConfig - Host name option is "".
02-16-2021 14:49:58.337 -0500 INFO loader - Getting configuration data from: C:\Program Files\Splunk\etc\myinstall\splunkd.xml
02-16-2021 14:49:58.337 -0500 INFO loader - SPLUNK_MODULE_PATH environment variable not found - defaulting to C:\Program Files\Splunk\etc\modules
02-16-2021 14:49:58.337 -0500 INFO loader - loading modules from C:\Program Files\Splunk\etc\modules
02-16-2021 14:49:58.337 -0500 INFO loader - Writing out composite configuration file: C:\Program Files\Splunk\var\run\splunk\composite.xml
Thanks.
Hi @dflatley,
To troubleshoot further we'll need logs from msiexec.exe. You can generate them by doing something like the following from a command prompt:
msiexec /l*vx msiexec.log /i <splunk.msi>
(Where <splunk.msi> is replaced with the filename of the MSI.)
If you then search msiexec.log for the string return value 3 and paste 20 or so lines immediately preceding it, hopefully that will tell us what has gone wrong.
There may also be a file in %TEMP% called splunk.log. That may also help shed some light.
Cheers,
- Jo.