Splunk® Enterprise Security

Installation and Upgrade Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Plan the upgrade

This topic covers key considerations planning the Splunk App for Enterprise Security upgrade.

Order of operations

  1. Review this topic for changes required to support the latest release
  2. Upgrade Splunk Enterprise
  3. Upgrade the Enterprise Security app
  4. Review, upgrade, and deploy add-ons

Splunk Enterprise requirements

The Splunk App for Enterprise Security 3.1.1 requires Splunk Enterprise version 6.1.3 or 6.2.x on all search heads and indexers.

To plan the upgrade of the Splunk Enterprise environment, see Upgrade your distributed environment in the Splunk Enterprise documentation.

Hardware requirements

The reference hardware for Splunk Enterprise 6.1 and the Splunk App for Enterprise Security have changed. See Splunk Enterprise system requirements in this manual.

Installation prerequisites

The Splunk App for Enterprise Security 3.0 and later does not require the Sideview Utils app to be installed. Sideview Utils does not conflict with Enterprise Security, and you can retain it for legacy dashboards or other uses.

Review the Known Issues

For the latest details about known issues found in this release, see Known Issues in the Release Notes.

Enterprise Security Install App

The Enterprise Security Install App performs an upgrade only on an installation of Enterprise Security 2.4 or greater. The Install App does not support upgrades from Splunk Enterprise Security Suite 1.1.x.

The Enterprise Security Install App disables any prior version and displays a review of all changes before performing the upgrade. It also migrates custom searches, temporarily disables all correlation searches, changes the lookup files to new formats, and disables searches that have a naming conflict with Enterprise Security. The Enterprise Security Install App can print a report of all changes to be made before performing the upgrade. Printing the report is recommended.

Search head pooling considerations

In a environment with search head pooling, you must follow a specific order of operations for upgrading any app. See Upgrade a distributed environment with pooled search heads in the Splunk Enterprise documentation.

Deployment-apps

A copy of the latest add-ons or TA's are included with the Splunk App for Enterprise Security. When upgrading to the latest Enterprise Security app, the deployment-apps included with the Enterprise Security Install App should be used. The Enterprise Security Install App does not automatically upgrade or migrate any deployment-apps configurations. Use the Splunk Enterprise deployment server or other configuration management service to deploy the add-ons to the indexers and forwarders as required.

  • Once the upgrade has been run, the deployment-apps package is extracted into SplunkEnterpriseSecurityInstaller/default/src/etc/deployment-apps.
  • The deployment-apps package can also be extracted directly from the Enterprise Security Install App in the file SplunkEnterpriseSecurityInstaller/default/src/splunk_app_es-3.1.x-xxxxxx.zip

Important Any customizations made to the prior versions of deployment-apps must be manually migrated.

Changes to add-ons

See Release Notes: Add-ons in the Release Notes manual.

Last modified on 25 July, 2016
PREVIOUS
Search
  NEXT
Upgrade Splunk App for Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters