Installation

config of splunk lost after upgrade to 5.0

Motivator

I upgraded our preproduction splunk from 4.3 to 5.0

Alas while all files are still there as good as i can tell there seems to not have been any migration as all configuration settings are lost.

How can i initiate a migration of the 4.3 stuff? (apps, inputs, ldap configuration, roles, rolemapping to ldap groups yadda yadda)

ok, some progress... i now have merged it with enough success for it to dump

update: after merging manually the /$splunkhome/splunk/etc i get this
"
Last few lines of stderr (may contain info on assertion failure, but also could be old): 2012-10-30 16:44:03.553 +0100 Interrupt signal received 2012-10-30 16:47:07.343 +0100 splunkd started (build 140868) terminate called after throwing an instance of 'PluginException' what(): Indexer failed to start, will not continue. 2012-10-30 16:48:22.377 +0100 splunkd started (build 140868) terminate called after throwing an instance of 'PluginException' what(): Indexer failed to start, will not continue. 2012-10-30 16:49:30.096 +0100 splunkd started (build 140868) terminate called after throwing an instance of 'PluginException' what(): Indexer failed to start, will not continue. 2012-10-30 16:53:58.876 +0100 splunkd started (build 140868) terminate called after throwing an instance of 'PluginException' what(): Indexer failed to start, will not continue.
"

I disabled on CLI the apps that caused warnings on starting splunk service but it must be somewhere else... 😕

Tags (2)
0 Karma
1 Solution

Influencer

Hi,

Assuming nothing has changed dramatically, which I doubt it has:

  • Make a back-up of the configuration file directory (i.e. $SPLUNK_HOME/etc)
  • Copy this etc directory to the new installation
  • Restart Splunk

Hope this helps

View solution in original post

Splunk Employee
Splunk Employee

That's very strange. A few questions:

  • Which OS?
  • Which package type (.rpm, .tgz, etc)?
  • What was the exact upgrade steps you took (how uninstalled, how installed, etc.)?

The migration trigger is a file, named "ftr", that lives in the root of your Splunk installation. This file is present at install/upgrade time, and is deleted by a successful migration. However, if migration somehow managed to be skipped, usually your configuration would still be in good shape...

Also, take a look earlier in splunkd.log, before the PluginException messages that you pasted above. There should be WARN or ERROR messages from IndexProcessor indicating why it failed to come up.

Motivator

yep i had two warns for extractions in a app each. Which i disabled then on CLI however there was never an attempt to migrate which explaines a lot i guess. The upgrade info online seems to be woefully underspecific. It is however the first time i have trouble updating (all the 4.x point releases were smooth sailing)

we use SLES 10 on x64 and i used the rpm to upgrade.
(2.6.32.59-0.3-default #1 SMP 2012-04-27 11:14:44 +0200 x86_64 x86_64 x86_64 GNU/Linux )

0 Karma

Influencer

Hi,

Assuming nothing has changed dramatically, which I doubt it has:

  • Make a back-up of the configuration file directory (i.e. $SPLUNK_HOME/etc)
  • Copy this etc directory to the new installation
  • Restart Splunk

Hope this helps

View solution in original post

Motivator

um, did try - not so much luck yet. but thanks, maybe someone else has a step more at hand?

0 Karma