Update Splunk Enterprise Single Instance
This blog post describes how to update a Splunk Enterprise single instance.
First of all, a backup of the Splunk configuration is performed:
tar cvzf splunk-backup-17-03.tar.gz /opt/splunk/etc/
Download the newest version of Splunk Enterprise from the Splunk homepage. I used the wget command to download the newest Splunk Enterprise rpm file:
wget -O splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.4.2&product=splunk&filename=splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm&wget=true'
Subsequently, stop Splunk Enterprise as the splunk user:
/opt/splunk/bin/splunk stop
Install Splunk Enterprise as the root user:
rpm -U splunk-7.2.4.2-fb30470262e3-linux-2.6-x86_64.rpm
Switch back to the splunk user:
su - splunk
Then, start Splunk:
/opt/splunk/bin/splunk start
I performed the migration without reviewing the configuration changes.
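The backup and download steps above can be checked before Splunk is stopped and the package is installed as root. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the expected SHA-256 digest of the rpm was obtained from the vendor separately from the download itself.

```shell
#!/bin/sh
# Added example (not from the original post): pre-upgrade gate.
# Function names are hypothetical; the expected digest is supplied by the operator.

# verify_sha256 FILE EXPECTED_HEX: returns 0 only if FILE's SHA-256 equals EXPECTED_HEX.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Accept only exactly 64 hex characters as a digest.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $file" >&2
    return 1
}

# verify_backup ARCHIVE PREFIX: returns 0 only if the gzip'd tar reads end to
# end and holds at least one member whose path starts with PREFIX.
# tar strips the leading "/", so /opt/splunk/etc/ is stored as opt/splunk/etc/.
verify_backup() {
    archive=$1
    prefix=$2
    [ -s "$archive" ] || { echo "backup missing or empty: $archive" >&2; return 2; }
    listing=$(tar -tzf "$archive" 2>/dev/null) ||
        { echo "backup unreadable: $archive" >&2; return 1; }
    # Literal prefix match (no regex), so dots in paths are not wildcards.
    printf '%s\n' "$listing" |
        awk -v p="$prefix" 'index($0, p) == 1 { f = 1 } END { exit !f }' ||
        { echo "no $prefix entries in $archive" >&2; return 1; }
}

# pre_upgrade_gate ARCHIVE PREFIX PACKAGE EXPECTED_SHA256
pre_upgrade_gate() {
    verify_backup "$1" "$2" && verify_sha256 "$3" "$4"
}

# Run as a script: gate.sh BACKUP.tar.gz opt/splunk/etc/ PACKAGE.rpm DIGEST
if [ "$#" -eq 4 ]; then
    pre_upgrade_gate "$@" || exit 1
    echo "backup and package verified"
fi
```

A non-zero exit means the upgrade should not proceed: either the backup cannot be restored from or the package is not the file the digest describes.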
Afterwards, check if everything works as expected:
Thank you for reading. Leave a comment if this helped you.