I was running Splunk 5 Free on my Windows 7 machine for a year or so. I then upgraded to Splunk 6.0 then to 6.0.1 without any problems. I did not create any new searches or dashboards and it preserved the ones that I had in 5.0.1.
The Splunk 6 upgrade installed an Enterprise trial license which expired, so I downgraded to the Free license. After that it kept maxing out every few hours at 500MB and did not reset until the next day. I looked into it and confirmed that I do not have any periodic searches going on, but I noticed that the system has some real-time searches which ingested 10 to 100 KB per execution.
Upon the advice from the help desk, I uninstalled Splunk 6 and tried to reinstall Splunk 5. That's when the real problem started. The installer copied all of the files to the Program Files\Splunk directory, but could not proceed due to permission problems. It then gave up and displayed the message "Splunk Installer was unable to create Splunk Services."
There are other people who are experiencing this problem.
Searches do not affect the indexing volume. It is possible that the upgrade enabled new inputs and it was the new inputs that increased the indexing volume.
If you are an administrator you should be able to change the security settings on the folders to gain access. When you try to install Splunk next time do it by opening a cmd window as Administrator, and calling the msi from there:
Thanks for your inputs. I figured out item 1, however even though I run as administrator I cannot remove the Splunk5 directory.
I can create and delete folders in the "Program Files"\ folder, but after I try to install Splunk to a newly created folder I can no longer delete it as administrator.
What error do you get when you try to delete it? Are the Splunk services stopped? Just because you are running as administrator does not mean that administrator has rights to the folder. What are the security settings?
Is there any anti-virus running? We experienced strange occurrences when we did not have rules that excluded Splunk from AV: http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/RunningSplunkalongsideWindowsantivir...