Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk rolls back to previous version on while upgrading

sudhir7
Explorer
‎12-22-2019 03:19 AM

We have Splunk cluster architecture with 1 cluster master, 2 indexers, and 1 search head.
We have successfully upgraded cluster master and search head from version 7.2.0 to 8.0.1.
While upgrading indexers it gets about 80% through the file transfer then begins to roll back the install and restores it to the original state i.e. 7.2.0.
Has anyone else faced a similar situation?

0 Karma
Reply

woodcock
Esteemed Legend
‎12-24-2019 11:42 AM

There is a default log file in AppData/Local/Temp/splunk.log, and you can force more logging with $ msiexec /I <splunk-MSI> /l*v <log-file>. The problem almost always ends up being that Splunk cannot write to the disk because of a permissions problem.

Here is a step-by-step solution that should always work:

Move installation file (.msi) to the `temp` folder here:
   C:\Temp\splunk-7.3.1.1-7651b7244cf2-x64-release.msi
Open a command prompt (CMD) with administrative privileges and start installation with enhanced logging:
   msiexec /i c:\temp\splunk-7.3.1.1-7651b7244cf2-x64-release.msi /l*vx msiexec.log
Change the default installation folder/path in setup wizard, choose a folder other than the default program folders (C:\Program Files, C:\Program Files (x86) etc.) because of possible corporate restrictions/policies (folder permissions). Start with `Temp` again:
   C:\Temp\Splunk\
The setup wizard should continue and install Splunk as expected with no errors.  I am not suggesting that you run it permanently from there, but this is a good test for permissions problems.
0 Karma
Reply

jhornsby_splunk
Splunk Employee
Splunk Employee
‎12-24-2019 05:39 AM

Hi @sudhir7,

To troubleshoot this further, I'd recommend enabling MSI logging. Here's an example:

msiexec /l*vx msiexec.log /i splunk-8.0.1-6db836e2fb9e-x64-release.msi

Once the installation has completed, search the log for return value 3, and whatever occurs just prior is the problem.

Cheers,

- Jo.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-22-2019 09:19 AM

What error messages do you see?

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...