Splunk Enterprise

Upgrade to 9.3.2 appears to have broken my installation

zarchitect
New Member

Hi all, I was upgrading Splunk Enterprise from 9.0.x to 9.2.4 and then 9.3.2. When I try to restart the Splunk Service I get the following:

Failed to start Systemd service file for Splunk, generated by 'splunk enable boot-start'.
Unit Splunkd.service entered failed state.
Splunkd.service failed.
Splunkd.service holdoff time over, scheduling restart.
Stopped Systemd service file for Splunk, generated by 'splunk enable boot-start'.
start request repeated too quickly for Splunkd.service
Failed to start Systemd service file for Splunk, generated by 'splunk enable boot-start'.
Unit Splunkd.service entered failed state.
Splunkd.service failed.
 
I'll add from a Splunk standpoint I am a complete noob. I did some research on the upgrade process and followed the Splunk documentation. 
 
TIA!
0 Karma

isoutamo
SplunkTrust
Was this issue with 9.2.4, or after that, when you started it with 9.3.2?
Which Linux OS distro and version do you have, and are those the same as earlier?
0 Karma

zarchitect
New Member

Starting with 9.3.2. It's running on Amazon Linux 2.

0 Karma

isoutamo
SplunkTrust
As which user are you running it, and how (exactly) did you upgrade?
Is this an all-in-one or a distributed environment?
Was there no error when you started it with 9.2.4?
0 Karma

zarchitect
New Member

All-in-one environment. The user account on the machine I used was ec2-user. I assume, but am not sure if that was the user used to do the original install. 

Honestly, I didn't try to start the instance after the 9.2.4 upgrade. I was on 9.0. I applied the 9.2.4 upgrade and then immediately applied the 9.3.2 upgrade.

I used the tgz upgrade file and followed the 9.3.2 upgrade documentation.

Again, total noob here. 

0 Karma

isoutamo
SplunkTrust
Unless you start Splunk with all those mid versions, it doesn't do the conversions and other actions which are needed before the next update. Now you have done a direct update from 9.0.x to 9.3.2, and this is not a supported way.
Usually Splunk is installed as root, but it should run as the splunk (or other non-root) user.
Have you looked at what the logs said, especially migration.log and splunkd.log?
0 Karma