Hi

as @gcusello said you shouldn’t uninstall old client first and then install anew one! The correct way is just update the old version over old. But you should follow the instructions which told from - to versions you must use. E.g you cannot update from 7.3 to 9.0.5, you must use some middle versions between those. One reason for that is local fishbucket db. This is keeping track for all inputs which you have on your client node. If you remove the installation, then you remove also that db and the result will be duplicated log entries as a new UF version start to collect all logs from beginning of files you have on that node.

r. Ismo

You didn't answer the question.  Is there a clean off tool or not?

I have a situation where I need to uninstall 9.4.2 from windows 2016 and install 9.3.8 and get a 1603 from the 9.3.8 msi complaining about registry conflicts.

We have to use 9.3.8 and not latest 10.x because Cisco decided to stop supporting 2016 11 months before MS did/does and 9.3.8 is the release we need to resolve vulnerabilities that our scanning tool is barking about.

Windows should have a built-in tool to uninstall software.  There also are plenty of third-party tools to do so.  Splunk does not provide one.

This is why most (apparently not this one) supply an exe that takes care of all pollution on the box.

Then you would require MS to know the ins and outs of every vendors installer.  Never going to happen.

We're going into very off-topic directory but from my experience while linux packages often contain pre/post-(un)install scripts, unless they are horribly broken like a specific vendor's software which I'm not gonna name explicitly here, they usually behave quite well. The package manager tracks files which are getting installed, the scripts handle config entries pretty well (again - usually). I think there are two main culprit in case of windows.

1) MSI "happened" when there were already a lot of different installation tools on the market (and still are). And Building MSI has never AFAIR been very straightforward, well docummented and easy (at least compared to tons of docs and tutorials on building debs or RPMs).

2) There is that ugly beast of windows registry you have to deal with. And it's a great PITA not only regarding software (un)installation.

Hence the reason that most not all vendors supply a mop up process.

I'm sorry but whenever I see "we need to install version X.X.X because our vulnerability scanner reports a finding" I die a little inside. Has anyone bothered to read and understand what the finding is about?