Getting Data In

Does Splunk Windows installer generates any logs during the install process?

Ledio_Ago
Splunk Employee
Splunk Employee

Splunk Windows installer, the msi package, is used to install new Splunk instances or upgrade/update existing Splunk instances. Does the installer generate any logs, and if so where are they located?

1 Solution

gkanapathy
Splunk Employee
Splunk Employee

I am not certain if it does so by default for successful installations, but you can control the logging level and location of the log files by providing command line options using the /l switch if you run the Splunk installer using msiexec.exe. More information is here: http://support.microsoft.com/kb/227091

An excerpt is here, and can also be displayed from Windows by calling msiexec.exe /?

/l      [i|w|e|a|r|u|c|m|p|v|+|!]Logfile          Specifies the log 
                                                  file path and
                                                  indicates the flags 
                                                  to be logged.

                                                  i - Status messages.

                                                  w - Non-fatal warnings.

                                                  e - All error messages.

                                                  a - Startup of actions.

                                                  r - Action-specific
                                                  records

                                                  u - User requests.

                                                  c - Initial User
                                                  Interface (UI) 
                                                  parameters

                                                  m - Out-of-memory.

                                                  p - Terminal properties.

                                                  v - Verbose output.

                                                  + - Appends to the
                                                  existing file.

                                                  ! - Clears each line in
                                                  the log file.

                                                  "*" - Wildcard.
                                                  Logs all information,
                                                  but the use of the v
                                                  option is not included.
                                                  To include the v option,
                                                  type "/l*v."

View solution in original post

Ledio_Ago
Splunk Employee
Splunk Employee

As mentioned by gkanapathy and Mick at install time the MSI engine logs the install and uninstall activity of Splunk installer. In 2003/XP you'll have to enable this by running the installer via the msiexec and using the "-l" option. On Vista/2008/Win7 this happens by default and the log file typically is named like "MSIfb94.log". In addition to the MSI engine logging, Splunk install code also logs its activity too. Those log lines start with "* ", eg:

*** EnableBootStartInvisible: Start  
MSI (s) (90!9C) [15:31:55:280]: Creating MSIHANDLE (46) of type 790531 for thread 4764  
*** _LaunchAppEx: Create process executing: cmd.exe /c ""C:\Program Files\Splunk\bin\splunk.exe" enable boot-start-loop --answer-yes --no-prompt --accept-license >> C:\Users\ledio\AppData\Local\Temp\Splunk-107.1.14133.log 2>>&1"  
*** _LaunchAppEx: WaitForSingleObject retval=0, exitCode=0  
MSI (s) (90!9C) [15:32:26:983]: Creating MSIHANDLE (50) of type 790531 for thread 4764  
*** EnableBootStartInvisible: Finished  

Another log file created during install time and stored in %temp% is one that captures the STDOUT of every Splunk command executed during the install process and that includes commands like:

splunk.exe enable boot-start
splunk.exe start
splunk.exe stop
...

If the installer failed for any reason these are the two files you'll need to be paying attention too.

Cheers,
Ledio

Mick
Splunk Employee
Splunk Employee

An example of how to use this would be -

`C:\Downloads> msiexec /i splunk-4.1.1-78212-x86-release.msi /lv C:\tmp\splunkInstall.log

This is only necessary on Win 2003 and earlier, by default Vista and 2008 will create a log automatically in the 'Temp' directory. Hit 'Start/Run' and type '%Temp% to bring it up in Explorer

gkanapathy
Splunk Employee
Splunk Employee

I am not certain if it does so by default for successful installations, but you can control the logging level and location of the log files by providing command line options using the /l switch if you run the Splunk installer using msiexec.exe. More information is here: http://support.microsoft.com/kb/227091

An excerpt is here, and can also be displayed from Windows by calling msiexec.exe /?

/l      [i|w|e|a|r|u|c|m|p|v|+|!]Logfile          Specifies the log 
                                                  file path and
                                                  indicates the flags 
                                                  to be logged.

                                                  i - Status messages.

                                                  w - Non-fatal warnings.

                                                  e - All error messages.

                                                  a - Startup of actions.

                                                  r - Action-specific
                                                  records

                                                  u - User requests.

                                                  c - Initial User
                                                  Interface (UI) 
                                                  parameters

                                                  m - Out-of-memory.

                                                  p - Terminal properties.

                                                  v - Verbose output.

                                                  + - Appends to the
                                                  existing file.

                                                  ! - Clears each line in
                                                  the log file.

                                                  "*" - Wildcard.
                                                  Logs all information,
                                                  but the use of the v
                                                  option is not included.
                                                  To include the v option,
                                                  type "/l*v."
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...