- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Splunk UF installation issue in rhel6 and amazon20...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk UF installation issue in rhel6 and amazon2018 after upgrade?
I am upgrading splunk UF from 8.0.5 to V 9.0.0 in my all linux flavours (rhel,6,7,8 ,amz 2018,2 and cent7).It got installed properly except rhel6 and amazon-2018. When I am trying to execute below command through automated script it got hung but surprisingly when I execute same command from tty ,its working fine. I used both shell (sh and bash) in my shebang.
I found few hung child processes when I did ps -eaf | grep splunk
"/opt/splunkforwarder/bin/splunk start --accept-license --no-prompt"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Finally figured this one out thanks to a similar issue someone had 8 years ago lol. you will need to bypass the first-time run script by doing a few things.
1. rm -rf $splunkforwarder_home/ftr
2. cp $splunkforwarder_home/etc/auth/cacert.pem.default $splunkforwarder_home/etc/auth/cacert.pem
3. cp $splunkforwarder_home/etc/auth/ca.pem.default $splunkforwarder_home/etc/auth/ca.pem
4. cp $splunkforwarder_home/etc/myinstall/splunkd.xml.cfg-default $splunkforwarder_home/etc/myinstall/splunkd.xml
5. create a user-seed.conf file for the default admin user.
6. $splunkforwarder_home/bin/splunk start
This should start the UF then just proceed to stop, enable boot-start, and finally start the UF service for the final time.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So our install/upgrade script is getting stuck at the accept license prompt, but when you login to the machine and enter the same accept license command it runs albeit with some errors .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same issue for OL6 this is def a splunk 9 bug.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have noticed the UF upgrades took a long time as well. If you look at the UF upgrade log it complains about kvstore which is something totally new in v9. We noticed when we disabled the kvstore and performed an upgrade that the upgrade was wicked' quick. The kvstore message is confusing and very likely cause our customers to question it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How did you disable the kvstore, is that during the installation/upgrade?
do you run a command to disable it before the start --accept-license command?
thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We're having this same exact issue. We contacted support and they say no it's not splunk issue. we're still looking for a solution for this.
thanks!
.conf24 | Day 0
Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...
Troubleshooting the OpenTelemetry Collector
