When we attempted to upgrade Splunk Universal Forwarder on our Windows servers, they repeatedly failed. Here is a Windows script that solved the issue below. The issue was caused by the registry keys that remained after uninstalling the previous version of Splunk:

REM Set current directory to the folder containing this script
cd /d "%~dp0"

REM Uninstall any existing Splunk versions - if no versions are present, the script will continue
wmic product where "name like '%%universalforwarder%%'" call uninstall

REM Remove Splunk installation reg keys
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\771F943D524B4D44EB7F87D16BBECDE4 /f
reg delete HKEY_CLASSES_ROOT\Installer\Products\771F943D524B4D44EB7F87D16BBECDE4 /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\771F943D524B4D44EB7F87D16BBECDE4 /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13631B46466632F4FA2E89CF8E9602DB" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\splunkd.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\splunk-winevtlog.exe" /f
reg delete "HKEY_CLASSES_ROOT\Installer\Products\771F943D524B4D44EB7F87D16BBECDE4" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\SV100012\79ceb0e4-9f86-11ee-a216-000d3ac2f180" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\SV100018\38c9b010-d5c3-11ee-a218-000d3ac2f180" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\SV100019\affe40ec-d660-11ee-a218-000d3ac2f180" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\System\SV10001F\c19eef51-4dd7-11ef-a21c-000d3ac2f180" /f
REM reg.exe takes HKLM\... key names (HKLM:\ is the PowerShell drive form)
reg delete "HKLM\SOFTWARE\Classes\Installer\Features\B0271F4D65C5D084FA81634DC56AD4AE" /f
reg delete "HKLM\SOFTWARE\Classes\Installer\UpgradeCode\13631B46466632F4FA2E89CF8E9602DB" /f
REM The value name ends in a backslash; it is doubled so it does not escape the closing quote
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders" /v "C:\Program Files\SplunkUniversalForwarder\\" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\splunk-perfmon.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-80-972488765-139171986-783781252-3188962990-3730692313" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{775313CB-929D-442C-8B52-2ED391D816E2}" /f

REM Install Splunk - set to passive to allow installer to see progress or errors
msiexec.exe /i splunkforwarder-9.2.2-d76edf6f0a15-x64-release.msi SPLUNKUSERNAME="SplunkUser" SPLUNKPASSWORD="password" DEPLOYMENT_SERVER="USW-SPLUNKDPL-1:8089" AGREETOLICENSE=yes /passive

REM Start Splunk Service
net start SplunkForwarder

REM Install SPL file
"c:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" install app splunkclouduf.spl -auth SplunkAdmin:pasword

REM Stop and start Splunk service to enable SPL
net stop SplunkForwarder
net start SplunkForwarder
exit
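The packed product codes hard-coded in the script above (such as 771F943D524B4D44EB7F87D16BBECDE4) belong to one specific installer build, so other hosts may hold different leftovers. The following read-only PowerShell audit is an added example, not part of the original post: it lists the Windows Installer keys that still reference a Universal Forwarder and deletes nothing. The `*UniversalForwarder*` match on `ProductName` and the helper name `Convert-PackedGuid` are assumptions of this example.

```powershell
# Added example: read-only audit of leftover Windows Installer registration.
# Run in an elevated PowerShell session; nothing is modified or deleted.

# Convert a 32-character packed product code into the usual {GUID} form.
# Hypothetical helper name; the packing rule is the standard Windows Installer one:
# the first three groups are character-reversed, the rest is swapped pair by pair.
function Convert-PackedGuid {
    param([Parameter(Mandatory)][string]$Packed)
    $reverse = {
        param($s)
        $chars = $s.ToCharArray()
        [array]::Reverse($chars)
        -join $chars
    }
    $g1 = & $reverse $Packed.Substring(0, 8)
    $g2 = & $reverse $Packed.Substring(8, 4)
    $g3 = & $reverse $Packed.Substring(12, 4)
    $tail = -join (16, 18, 20, 22, 24, 26, 28, 30 |
        ForEach-Object { & $reverse $Packed.Substring($_, 2) })
    '{' + (($g1, $g2, $g3, $tail.Substring(0, 4), $tail.Substring(4)) -join '-') + '}'
}

$root    = 'HKLM:\SOFTWARE\Classes\Installer'
$pattern = '*UniversalForwarder*'   # assumed ProductName match; adjust if needed

# Products\<packed code> carries the ProductName value for each registered MSI.
$products = @(Get-ChildItem "$root\Products" -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^[0-9A-F]{32}$' -and
                   $_.GetValue('ProductName') -like $pattern })

foreach ($p in $products) {
    $packed = $p.PSChildName
    # UpgradeCodes\<packed upgrade code> has one value per product,
    # named after that product's packed code.
    $upgrade = @(Get-ChildItem "$root\UpgradeCodes" -ErrorAction SilentlyContinue |
        Where-Object { $_.GetValueNames() -contains $packed })
    [pscustomobject]@{
        ProductName     = $p.GetValue('ProductName')
        ProductCode     = Convert-PackedGuid $packed
        ProductsKey     = $p.Name
        FeaturesKey     = if (Test-Path "$root\Features\$packed") { "$root\Features\$packed" }
        UpgradeCodeKeys = @($upgrade | ForEach-Object { $_.Name })
    }
}
```

An empty result means no Universal Forwarder registration remains under these keys; otherwise the listed key paths are the ones to compare against the `reg delete` lines before running them.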