This blog post describes the update process for a single-instance Splunk Enterprise installation.
First of all, a backup of the Splunk configuration is performed:
tar cvzf splunk-backup-17-03.tar.gz /opt/splunk/etc/
Download the newest version of Splunk Enterprise from the Splunk homepage. I used the wget command to download the newest Splunk Enterprise rpm file:
wget -O splunk-126.96.36.199-fb30470262e3-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=188.8.131.52&product=splunk&filename=splunk-184.108.40.206-fb30470262e3-linux-2.6-x86_64.rpm&wget=true'
Subsequently, stop Splunk Enterprise as the splunk user:
Install Splunk Enterprise as the root user:
rpm -U splunk-220.127.116.11-fb30470262e3-linux-2.6-x86_64.rpm
Switch back to the splunk user:
su - splunk
Then, start Splunk:
I performed the migration without reviewing the configuration changes.
Afterwards, check if everything works as expected:
Thank you for reading. Leave a comment if this helped you.
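The backup and download steps above can be checked before rpm -U is run. The following shell functions are an added example, not part of the original post: they confirm that the backup archive reads end to end and contains the configuration path, and compare the RPM's digest with a value obtained separately from the download. The function names are hypothetical, and the expected digest is assumed to come from the vendor.

```shell
#!/bin/sh
# Added example: pre-flight checks before `rpm -U` on the Splunk package.
# Function names are hypothetical and not part of any Splunk tooling.

# verify_backup ARCHIVE PATH_PREFIX
# Succeeds only if the gzip'd tar archive can be listed completely and holds
# at least one entry under PATH_PREFIX (tar strips the leading "/").
verify_backup() {
    archive=$1
    prefix=${2#/}
    [ -s "$archive" ] || { echo "backup missing or empty: $archive" >&2; return 1; }
    listing=$(tar -tzf "$archive" 2>/dev/null) || {
        echo "backup unreadable or truncated: $archive" >&2; return 1; }
    # index() gives a literal prefix match, so dots in the path are not wildcards
    printf '%s\n' "$listing" | awk -v p="$prefix" 'index($0, p) == 1 { f = 1 } END { exit !f }' || {
        echo "backup has no entries under $prefix" >&2; return 1; }
}

# verify_digest FILE EXPECTED_HEX [ALGO]
# Compares the file's digest with a value obtained out of band.
# ALGO defaults to sha256 and selects the matching coreutils tool (sha256sum, sha512sum, ...).
verify_digest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    tool="${3:-sha256}sum"
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool not found" >&2; return 1; }
    actual=$("$tool" "$file" 2>/dev/null | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$expected" ] || {
        echo "digest mismatch for $file" >&2; return 1; }
}

# preflight BACKUP PATH_PREFIX RPM EXPECTED_HEX [ALGO]
# Runs both checks; only exit status 0 means the upgrade should continue.
preflight() {
    verify_backup "$1" "$2" && verify_digest "$3" "$4" "${5:-sha256}"
}

# Usage (placeholders in angle brackets must be filled in by the operator):
#   preflight splunk-backup-17-03.tar.gz /opt/splunk/etc/ <rpm-file> <expected-digest> \
#       && rpm -U <rpm-file>
```

A failed check prints the reason to stderr and returns non-zero, so the rpm -U step chained with && is not reached.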