Upgrade

01 - Upgrade Standalone Instance

Upgrade or Update in a Splunk standalone instance

Updating the application to a minor release or upgrading to a major new release is totally transparent and follows Splunk standards.

IMPORTANT: As with any other Splunk application, never modify configuration files in the default directory. Instead, create your own copy in the local directory, so that updating the application does not overwrite your custom settings.

To update or upgrade in a standalone installation, you can:

  • Use the built-in Splunk App Manager: Splunk automatically notifies you when a new version is available, and the update can be done over the air through the Manager

  • Download the new version and use the Manager to perform the update

  • Uncompress the content of the tar.gz archive directly in $SPLUNK_HOME/etc/apps and restart Splunk
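For the third option, the archive is extracted over the installed app, so it is worth confirming first that it only replaces default content. The script below is an added example, not part of the application or of Splunk; the function names and the BACKUP_DIR argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the "uncompress into etc/apps" upgrade path.
# Function names and the BACKUP_DIR argument are assumptions for illustration.

# List archive entries, one per line, with any leading "./" removed.
list_entries() {
    tar -tzf "$1" | sed 's|^\./||' | grep -v '^$'
}

# check_app_archive ARCHIVE
# Returns 0 if the archive is safe to extract over an installed app.
# Prints offending entries to stderr and returns 1 if it contains:
#   - absolute paths or ".." components (would write outside etc/apps)
#   - <app>/local/ or <app>/metadata/local.meta (would overwrite custom settings)
check_app_archive() {
    listing=$(list_entries "$1") || return 2   # unreadable or empty archive
    bad=$(printf '%s\n' "$listing" |
        grep -E '^/|(^|/)\.\.(/|$)|^[^/]+/local(/|$)|^[^/]+/metadata/local\.meta$' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/unsafe entry: /' >&2
    return 1
}

# upgrade_app ARCHIVE BACKUP_DIR
# Backs up the installed app (default/ and local/), then extracts the new version.
upgrade_app() {
    archive=$1
    backup_dir=$2
    apps_dir="${SPLUNK_HOME:?SPLUNK_HOME is not set}/etc/apps"
    check_app_archive "$archive" || return 1
    # Assumption: the archive's top-level directory is the app directory name.
    app=$(list_entries "$archive" | head -n 1 | cut -d/ -f1)
    [ -n "$app" ] || return 1
    if [ -d "$apps_dir/$app" ]; then
        mkdir -p "$backup_dir" &&
        tar -czf "$backup_dir/$app.pre-upgrade.tar.gz" -C "$apps_dir" "$app" || return 1
    fi
    tar -xzf "$archive" -C "$apps_dir"
}
```

After `upgrade_app` succeeds, restart Splunk with `$SPLUNK_HOME/bin/splunk restart`.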

02 - Upgrade Distributed Deployment

Upgrade or Update in a Splunk Distributed Deployment

Updating the application stack to a minor release or upgrading to a major new release is totally transparent and follows Splunk standards.

IMPORTANT: As with any other Splunk application, never modify configuration files in the default directory. Instead, create your own copy in the local directory, so that updating the application does not overwrite your custom settings.

Updating the applications in a Distributed Deployment context follows the same path as the initial deployment, with three major pieces of the App:

[Figure: distributed_steps.png]

Proceed in the following order:

  • Update the indexer layer: Support Addon and Technical Addon

  • Update the search head layer: Core front-end application and Technical Addon

  • Update deployment servers to push the new Technical Addon to your servers

Version-specific migration instructions may be required in the future and will be documented in the above upgrade guide.