Upgrading Universal Forwarder 8.x.x to 9.x.x does not work?

blaha1
Explorer

I have been using the Universal forwarder splunkforwarder-7.2.6-c0bf0f679ce9-Linux-x86_64 for quite a while without issues. I now wanted to upgrade to the latest one, 9.0.2, so I downloaded it and ran it just like I did with the old version. However, when starting it,

${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes --no-prompt
 
It seems to crash with
 
Error calling execve(): No such file or directory
Error launching command: Invalid argument
 
I then tried the latest 8.x.x version, 8.2.9 and that worked perfectly fine.
 
What has changed between version 8 and 9? Any new requirements I am not aware of?

blaha1
Explorer

Still having this error with 9.0.4 I'm afraid.

 

50b81383ef0d:/opt/splunkforwarder/bin# ./splunk start --accept-license --answer-yes --no-prompt
Warning: Attempting to revert the SPLUNK_HOME ownership
Warning: Executing "chown -R splunk /opt/splunkforwarder"

This appears to be your first time running this version of Splunk.
Creating unit file...
Error calling execve(): No such file or directory
Error launching  command: No such file or directory
Failed to create the unit file. Please do it manually later.


Splunk> The Notorious B.I.G. D.A.T.A.

Checking prerequisites...
        Checking mgmt port [8089]: open
                Creating: /opt/splunkforwarder/var/lib/splunk
                Creating: /opt/splunkforwarder/var/run/splunk
                Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n
                Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunkforwarder/var/run/splunk/upload
                Creating: /opt/splunkforwarder/var/run/splunk/search_telemetry
                Creating: /opt/splunkforwarder/var/spool/splunk
                Creating: /opt/splunkforwarder/var/spool/dirmoncache
                Creating: /opt/splunkforwarder/var/lib/splunk/authDb
                Creating: /opt/splunkforwarder/var/lib/splunk/hashDb
        Checking conf files for problems...
                Invalid key in stanza [webhook] in /opt/splunkforwarder/etc/system/default/alert_actions.conf, line 229: enable_allowlist (value: false).
                Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-9.0.4-de405f4a7979-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
Done

 

However, it seems to at least start up now and I can see in my splunk dashboard that logs are indeed coming in. So it does work but I have these errors.

 

0 Karma
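Added example (not part of the thread and not Splunk's own tooling): the startup output in the post above warns that PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf. This shell function reports the value found in a given copy of that file, so a container image build can flag it before the forwarder ships. The function name, the sample file contents and the rule that the last assignment in the file wins are assumptions.

```shell
#!/bin/sh
# Added example: report the PYTHONHTTPSVERIFY setting in a splunk-launch.conf.
# Prints enabled | disabled | unset | unexpected:<value> | unreadable.
# Returns 0 only when certificate validation is switched on (value 1).
check_pyhttps_verify() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    # Commented-out lines do not match because the key must be the first
    # non-blank text on the line. Whitespace around "=" is tolerated.
    # Assumption: when the key appears more than once, the last one wins.
    value=$(sed -n 's/^[[:space:]]*PYTHONHTTPSVERIFY[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$conf" \
        | tail -n 1 | tr -d '"')
    case "$value" in
        1)  echo "enabled";  return 0 ;;
        0)  echo "disabled"; return 1 ;;
        "") echo "unset";    return 1 ;;
        *)  echo "unexpected:$value"; return 1 ;;
    esac
}

# Constructed sample input that mirrors the setting named in the warning.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample splunk-launch.conf' \
    '# SPLUNK_HOME=/opt/splunkforwarder' \
    'PYTHONHTTPSVERIFY=0' > "$sample"
state=$(check_pyhttps_verify "$sample") || true
echo "PYTHONHTTPSVERIFY is $state in $sample"
rm -f "$sample"
```

In an image build, calling the function on ${SPLUNK_HOME}/etc/splunk-launch.conf and failing the build on a non-zero return turns the startup warning into a gate.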

isoutamo
SplunkTrust

Hi

I think that this alert_actions.conf error is still being fixed?

You could get rid of that execve error by disabling boot-start and then enabling it again?

r. Ismo

0 Karma

blaha1
Explorer

I don't think Alpine includes systemd but uses OpenRC instead.

0 Karma

blaha1
Explorer

If I run disable boot-start before I start it, this happens:

 

"${SPLUNK_HOME}/bin/splunk" disable boot-start
Error calling execve(): No such file or directory
Error launching  command: No such file or directory
execve: No such file or directory
  while running command /sbin/chkconfig
0 Karma

blaha1
Explorer

Hmm, can you explain a bit more? What is this alert_actions.conf doing? Not sure what you mean about the boot start thing. As I am running a docker container, it always boots and runs the startup command. How do I disable it?

0 Karma

spenna
Explorer

I have this same problem with containers. Works in 8.x, but get the same failure in 9.x. Investigating.

0 Karma

spenna
Explorer

Adding the following to my compose file fixes the problem with docker containers in 9.x:

  splunk:
     tty: true

 

edgars
Explorer

Thank you! This fixed the issue after I upgraded from 8.x to 9.x.

0 Karma

blaha1
Explorer

And if you are not using compose files, is there perhaps something that can be configured?

0 Karma

spenna
Explorer

I don’t know if there is a config option for splunk itself. With docker cli, you should be able to add the -t flag and it would be the same as the compose version. 

0 Karma

richgalloway
SplunkTrust

I can't find it documented, but going from 7 to 9 may be too much of a jump.  Now that you're on 8, installing 9 should work.

---
If this reply helps you, Karma would be appreciated.
0 Karma

blaha1
Explorer

It's not really an upgrade, I'm using docker containers so it's basically a fresh install every time, so to speak.

0 Karma