Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Plan the upgrade

Plan your upgrade of the Splunk App for PCI Compliance. You must be familiar with the app and have administrative knowledge of the Splunk platform to complete the upgrade.

Minimum requirements for upgrade

  • Make sure your hardware and software versions are compatible with the new version by reviewing the Deployment options.
  • Review the known issues and the release notes in the Release Notes to understand the new features and functionality.

Planning the upgrade

The Splunk App for PCI Compliance upgrade process assumes the following:

  • You have an installation of the Splunk App for PCI Compliance 3.0.x and the required add-ons in a single-instance Splunk deployment or on a dedicated search head in a distributed Splunk deployment.
  • You are running Splunk Enterprise 6.4.x or later on a supported Linux or Windows system.

Order of operations for upgrading

  1. Review this topic and any linked items to view the changes in the latest release.
  2. Upgrade Splunk platform instances.
  3. If installing the Splunk App for PCI Compliance (for Splunk Enterprise Security), upgrade the Splunk Enterprise Security search head instance.
  4. Upgrade Splunk App for PCI Compliance. See Upgrade the Splunk App for PCI Compliance.
  5. Review, upgrade, and deploy add-ons.

Search head clustering considerations

Upgrading a Splunk App for PCI Compliance deployment on a search head cluster is a multi-step process. The recommended procedure is detailed in Upgrading the Splunk App for PCI Compliance on a search head cluster in this manual.

Using the Splunk App for PCI Compliance installer

Splunk App for PCI Compliance supports upgrading from the previous minor version of the app. Perform a full backup of the search head before upgrading, because the upgrade process does not back up the existing installation.

  • The upgrade of the Splunk App for PCI Compliance on a search head will not complete if apps or add-ons included in the Splunk App for PCI Compliance package are managed by a deployment server. Before beginning an upgrade, remove the deploymentclient.conf containing references to the deployment server and restart Splunk services.
  • The upgrade process will overwrite all prior or current versions of apps and add-ons, and it will inherit any configuration changes and files saved in the app /local and /lookups paths.
  • The upgrade process will not overwrite a newer version of an app or add-on.
  • An app or add-on that was disabled in the prior version will remain disabled after the upgrade.
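
The two pre-upgrade steps above (taking a backup, and making sure no deploymentclient.conf still points at a deployment server) can be scripted. The following is an added example, not part of the Splunk documentation or the app installer: the function names, script name, and paths are hypothetical, and the archive covers only the etc directory under the Splunk home, which is narrower than the full search head backup recommended above.

```shell
#!/bin/sh
# Pre-upgrade checks for a search head (added example; function names are hypothetical).

# List deploymentclient.conf files under $1/etc that still hold an active
# (uncommented) targetUri setting, i.e. a reference to a deployment server.
find_ds_references() {
    find "$1/etc" -type f -name deploymentclient.conf 2>/dev/null |
    while IFS= read -r conf; do
        if grep -Eq '^[[:space:]]*targetUri[[:space:]]*=' "$conf"; then
            printf '%s\n' "$conf"
        fi
    done
}

# Archive $1/etc (apps, add-ons, their local/ and lookups/ content) into $2
# and print the archive path. The upgrade itself takes no backup.
backup_etc() {
    archive="$2/splunk-etc-$(date +%Y%m%d%H%M%S).tar.gz"
    mkdir -p "$2" && tar -czf "$archive" -C "$1" etc && printf '%s\n' "$archive"
}

# Return 0 only if a backup was written and no deployment server reference remains.
preupgrade_check() {
    archive=$(backup_etc "$1" "$2") || { echo "backup failed" >&2; return 2; }
    echo "backup written: $archive"
    refs=$(find_ds_references "$1")
    if [ -n "$refs" ]; then
        echo "deployment server still referenced in:" >&2
        printf '%s\n' "$refs" >&2
        echo "remove these files and restart Splunk before upgrading" >&2
        return 1
    fi
    echo "no deploymentclient.conf references found; ready to upgrade"
}

# Usage (assumed paths): sh preupgrade.sh /opt/splunk /var/backups/splunk
if [ "$#" -eq 2 ]; then
    preupgrade_check "$1" "$2"
fi
```

The script only reports the files; removing them and restarting Splunk services remains a manual step, as described above.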

Upgrading distributed add-ons

Copies of the latest add-ons are included with the Splunk App for PCI Compliance. When upgrading the Splunk App for PCI Compliance, review and deploy all add-ons to indexers and forwarders as required. The Splunk App for PCI Compliance installation process does not automatically upgrade or migrate any configurations deployed to the indexers or forwarders.

Any customizations made to the prior versions of an add-on must be manually migrated.

Last modified on 26 January, 2018

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2

