- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Upgrade Splunk Universal forwarder ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrade Splunk Universal forwarder ?
Hi Guys
Im a little confused, I need to upgrade what I believe is a Splunk universal forwarder, I think this as its located "C:\program files\SplunkUniversalForwarder" build version is below -
VERSION=4.3.2
BUILD=123586
PRODUCT=splunk
PLATFORM=Windows-AMD64
This is installed on a 2008 R2 64bit box, my issue is that when trying to upgrade with SplunkFprwarder-5.0.2-149561-x64-release
the upgrade seems to get about halfway though but then fails with this error -
Splunk Launcher - Splunk could not start splunks first time run - Error Code - 1
Im installing as a domain admin so its not related to privlidges, the other issue I see is that the only service that is running is called Splunk Forwarder, there are no other Splunk services installed from what I can see, I dont know if thatts an issue ?
any ideas guys ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK I have sorted it -
I ended up deleting the service from services, this was named SplunkForwarder ( it was the only Splunk service listed), of course it didnt go smoothly and there was an error to state that the service didnt exist, I then tried to restart the said service only to get yet another error.
I then ran the upgrade again which then got 1 step further but failed again but with another error stating that Splunk couldnt create a service, I then rebooted and ran the installer again and low and behold it installed without issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pleased I could help 🙂
Please give the tick box a tick to mark as an answer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This was a good tip. I had the same trouble installing v5.0.3 over v5.0.2. I stopped the service, then used a domain admin account to do the install. I did not have to reboot.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
EDIT --- exact error message is -
Splunk Installer was unable to launch Splunks first time run - Error Code 1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another thing that I noticed is that when upgrading Im asked questions such as the deployment servers details and forwarders details IP's even what logs I would like to monitor, on other machines with the upgrade it just installs without being prompted for this info.
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
