Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Upgrade to 9.3.2 appears to have broken my installation

zarchitect
New Member
‎12-13-2024 07:10 AM

Hi all, I was upgrading Splunk Enterprise from 9.0.x to 9.2.4 and then 9.3.2. When I try to restart the Splunk Service I get the following:

Failed to start Systemd service file for Splunk, generated by 'splunk enable boot-start'.
Unit Splunkd.service entered failed state.
Splunkd.service failed.
Splunkd.service holdoff time over, scheduling restart.
Stopped Systemd service file for Splunk, generated by 'splunk enable boot-start'.
start request repeated too quickly for Splunkd.service
Failed to start Systemd service file for Splunk, generated by 'splunk enable boot-start'.
Unit Splunkd.service entered failed state.
Splunkd.service failed.
 
I'll add from a Splunk standpoint I am a complete noob. I did some research on the upgrade process and followed the Splunk documentation. 
 
TIA!
Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-13-2024 07:53 AM
Was this issue wit 9.2.4 or after that when you are starting it wit 9.3.2?
Which Linux os distro and version you have and are those same as earlier?
0 Karma
Reply

zarchitect
New Member
‎12-13-2024 07:55 AM

Starting with 9.3.2. It's running on Amazon Linux 2.

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-13-2024 07:59 AM
In which user you are running it and how (exactly) you did upgrade?
Is this all in one or distributed environment?
There was no error when you start it with 9.2.4?
0 Karma
Reply

zarchitect
New Member
‎12-13-2024 08:24 AM

All-in-one environment. The user account on the machine I used was ec2-user. I assume, but am not sure if that was the user used to do the original install. 

Honestly, I didn't try to start the instance after the 9.2.4 upgrade. I was on 9.0. Did the applied the 9.2.4 upgrade and then immediately applied the 9.3.2 upgrade. 

I user the tgz upgrade file and followed the 9.3.2 upgrade documentation.

Again, total noob here. 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-13-2024 02:21 PM
Unless you start splunk with all those mid versions it didn’t do those conversations etc actions which are needed before next update. Now you have done direct update from 9.0.x to 9.3.2 and this is not supported way.
Usually splunk has installed as root, but it should run as splunk (or other non root) user.
Have you look what logs said especially migration.log and splunkd.log?
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
li.common.scroll-to.top