IT Security Blog

Update Splunk Enterprise Single Instance

This blog post walks through upgrading a Splunk Enterprise single instance (one server running both indexer and search head) to a newer release using the RPM package.

First, take a backup of the Splunk configuration. Everything that is specific to this instance (apps, inputs, indexes, users, passwords) lives under /opt/splunk/etc, so archiving that directory is enough to roll back the configuration if the upgrade goes wrong; the date in the archive name makes it easy to find later:

tar cvzf splunk-backup-17-03.tar.gz /opt/splunk/etc/

Download the newest version of Splunk Enterprise from the Splunk homepage. The download page provides a wget-ready link for the RPM file, which I used here. Before installing, compare the downloaded file against the checksum (MD5 or SHA-512) published next to it on the download page, so a corrupted or tampered package is never handed to rpm:

wget -O splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.4.2&product=splunk&filename=splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm&wget=true'

Next, stop Splunk Enterprise as the splunk user (the account that owns /opt/splunk and runs splunkd):

/opt/splunk/bin/splunk stop

Install the new package as the root user. rpm -U upgrades the existing installation in place; the configuration under /opt/splunk/etc is preserved and is migrated by Splunk on the next start:

rpm -U splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm

Switch back to the splunk user so that Splunk is not started as root:

su - splunk

Then start Splunk. On the first start after an upgrade, Splunk detects the version change, runs its configuration migration, and asks whether you want to preview the changes before they are applied:

/opt/splunk/bin/splunk start

I performed the migration without reviewing the configuration changes.

Afterwards, check that everything works as expected: confirm the new version number with /opt/splunk/bin/splunk version, make sure splunkd is running with /opt/splunk/bin/splunk status, log in to Splunk Web, and verify that data is still being indexed and that your apps and saved searches are intact.
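The steps above, collected into one script as an added example (this is not a script from the original post and not Splunk's own tooling). It assumes SPLUNK_HOME=/opt/splunk, that the script is run as root, that the RPM and its checksum file have already been downloaded, and that the checksum file uses the sha512sum format (hex digest as the first field). DRY_RUN defaults to 1, so by default it only prints the stop/install/start commands instead of running them; the backup and checksum helpers always run for real.

```bash
#!/usr/bin/env bash
# Added example: guarded upgrade of a Splunk Enterprise single instance.
# Assumptions (not from the original post): SPLUNK_HOME=/opt/splunk, run as root,
# checksum file in sha512sum format, su available to switch to the splunk user.
set -euo pipefail

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/splunk}"
DRY_RUN="${DRY_RUN:-1}"   # set DRY_RUN=0 to really run the stop/rpm/start commands

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "[dry-run] $*"
  else
    "$@"
  fi
}

# Back up $SPLUNK_HOME/etc into a timestamped tarball; prints the archive path.
# -C makes the archive hold relative paths (etc/...), so it restores cleanly
# under any SPLUNK_HOME with: tar xzf <archive> -C "$SPLUNK_HOME"
backup_etc() {
  local home="$1" dest="$2"
  local archive
  archive="$dest/splunk-etc-$(date +%Y%m%d-%H%M%S).tar.gz"
  mkdir -p "$dest"
  tar czf "$archive" -C "$home" etc
  echo "$archive"
}

# Compare the downloaded rpm against the published SHA-512 digest.
# Returns 1 on mismatch so the caller can abort before touching rpm.
verify_sha512() {
  local rpm="$1" sumfile="$2"
  local expected actual
  expected="$(awk '{print $1; exit}' "$sumfile")"
  actual="$(sha512sum "$rpm" | awk '{print $1}')"
  [ "$expected" = "$actual" ]
}

# Count files under $SPLUNK_HOME not owned by the given user, so an ownership
# problem introduced by the package install is caught before splunkd starts.
foreign_owned() {
  local home="$1" user="$2"
  find "$home" ! -user "$user" 2>/dev/null | wc -l | tr -d ' '
}

upgrade() {
  local rpm="$1" sumfile="$2"
  verify_sha512 "$rpm" "$sumfile" || { echo "checksum mismatch for $rpm, aborting" >&2; return 1; }
  echo "backup written to: $(backup_etc "$SPLUNK_HOME" "$BACKUP_DIR")"
  run su - splunk -c "$SPLUNK_HOME/bin/splunk stop"
  run rpm -U "$rpm"
  # --answer-yes accepts the migration prompt non-interactively;
  # drop it to preview the configuration changes before they are applied.
  run su - splunk -c "$SPLUNK_HOME/bin/splunk start --answer-yes"
  run su - splunk -c "$SPLUNK_HOME/bin/splunk version"
  run su - splunk -c "$SPLUNK_HOME/bin/splunk status"
  local n
  n="$(foreign_owned "$SPLUNK_HOME" splunk)"
  [ "$n" = 0 ] || echo "warning: $n files under $SPLUNK_HOME are not owned by splunk" >&2
}

# Usage: DRY_RUN=0 ./upgrade-splunk.sh splunk-<version>.rpm splunk-<version>.rpm.sha512
if [ "$#" -eq 2 ]; then
  upgrade "$1" "$2"
fi
```

Run it once with the default DRY_RUN=1 to see the exact commands and confirm the backup lands where you expect, then rerun with DRY_RUN=0 as root to perform the upgrade. The ownership check at the end is there because a package install performed as root is the most likely point at which files under /opt/splunk end up owned by the wrong user.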

Thank you for reading. Leave a comment, if that helped you.