Installation

[Windows] Upgrade 7.3.9 to Versions:<8.0.8 or:<8.1.1 Fails - libxml2.dll is missing.

nickhills
Ultra Champion

Upgrading from Splunk 7.3.9 to Versions before 8.0.8 or 8.1.1 will fail.

During the install process the installer will error with the following messages relating to the files:

libxml2.dll
libeay32.dll
ssleay32.dll

Screenshot 2022-02-04 at 12.31.25.pngScreenshot 2022-02-04 at 12.31.14.pngScreenshot 2022-02-04 at 12.31.04.png

 

 

 

 

 

 

 

 

 

 

 

 

After dismissing these messages, the installer rolls back and reverts to the previously installed version 7.3.9

This appears related to the dates on these files that the installer does not handle correctly and does not overwrite.
At the end of the failed install (before rollback) these 3 files are missing from the $SPLUNK_HOME/bin folder

I presume the installer removes (backs up) the original files and during the install process validates that the files to be installed are newer. In the case of these 3 files, the situation is not handled correctly and the installer fails to correctly remedy the situation.


 

If my comment helps, please give it a thumbs up!
Labels (2)
1 Solution

nickhills
Ultra Champion

Solution

Use the latest version of the Splunk release train.

Upgrading to the latest version of the destination version will mitigate this issue.

The Splunk documentation (https://docs.splunk.com/Documentation/Splunk/8.2.4/Installation/HowtoupgradeSplunk)

Suggests that to upgrade to the latest version, for 7.3.x starting points you need to migrate to a 8.0.x or 8.1.x version. In reality this is slightly more nuanced as there are specific version incompatibilities that need to be considered.

As a general rule, when performing updates, you should select the latest version of the release, even if this is an intermediate step to an eventual target version. 

7.3.9 > 8.1.72 > 8.2.4  (latest versions at date of this post)

 

If my comment helps, please give it a thumbs up!

View solution in original post

nickhills
Ultra Champion

Solution

Use the latest version of the Splunk release train.

Upgrading to the latest version of the destination version will mitigate this issue.

The Splunk documentation (https://docs.splunk.com/Documentation/Splunk/8.2.4/Installation/HowtoupgradeSplunk)

Suggests that to upgrade to the latest version, for 7.3.x starting points you need to migrate to a 8.0.x or 8.1.x version. In reality this is slightly more nuanced as there are specific version incompatibilities that need to be considered.

As a general rule, when performing updates, you should select the latest version of the release, even if this is an intermediate step to an eventual target version. 

7.3.9 > 8.1.72 > 8.2.4  (latest versions at date of this post)

 

If my comment helps, please give it a thumbs up!

nickhills
Ultra Champion

Thanks to the Splunk Docs team for updating the table I referenced above. Hopefully this makes it clearer for anyone approaching this in the future!

If my comment helps, please give it a thumbs up!
0 Karma

nickhills
Ultra Champion

Workaround

From 7.3.9 > 8.0.0

Stop the splunk service using the services snapin.

Snapshot the VM/Backup the system

From the $SPLUNK_HOME/bin folder delete the following files (take backups first)

  • libxml2.dll
  • libeay32.dll
  • ssleay32.dll

Run the Splunk 8.0.0 installer (leaving the Splunk service stopped)
Validate that the install process completes and check and test the upgrade.

If my comment helps, please give it a thumbs up!
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...