Splunk Phantom repositories and signing keys packages
You will need to have the correct source repositories and the corresponding signing keys installed on your Splunk Phantom instance or cluster nodes in order to upgrade.
For a clustered deployment, install these repositories on cluster nodes that run Splunk Phantom. You do not need to install them on a Shared Services server, or servers providing external services to your Splunk Phantom cluster, such as load balancers or proxy servers, PostgreSQL database server, or a GlusterFS fileshare.
For privileged Splunk Phantom deployments with internet access
Splunk Phantom requires incremental upgrades from earlier versions. Do not skip any required versions when upgrading Splunk Phantom.
Use these commands to install the correct source repositories and signing keys package when the instructions call for you to install them. Replace the variables with the version numbers for version of Splunk Phantom to which you are upgrading.
For example, if you are upgrading from version 4.10.0.40961 to version 4.10.1.45070, and your instance is on Red Hat Enterprise Linux 7, use the following command:
rpm -Uvh https://repo.phantom.us/phantom/4.10/base/7Server/x86_64/phantom_repo-4.10.1.45070-1.x86_64.rpm
For unprivileged deployments, or deployments with limited internet access the repository and signing key contents are delivered in the upgrade tar file.
OS | Command |
---|---|
CentOS 7 | rpm -Uvh https://repo.phantom.us/phantom/<major version.minor version>/base/7/x86_64/phantom_repo-<major version.minor version.release.build number>-1.x86_64.rpm |
RHEL 7 | rpm -Uvh https://repo.phantom.us/phantom/<major version.minor version>/base/7Server/x86_64/phantom_repo-<major version.minor version.release.build number>-1.x86_64.rpm |
Replace <major version.minor version>
and <major version.minor version.release.build number>-1
with the Splunk Phantom release and build numbers provided in this table:
Splunk Phantom Release Version | Splunk Phantom Release and Build Number |
---|---|
2.1 | 2.1.486 |
3.0 | 3.0.284 |
3.5 | 3.5.210 |
4.0 | 4.0.1068 |
4.1 | 4.1.94 |
4.2 | 4.2.7532 |
4.5 | 4.5.15922 |
4.6 | 4.6.19142 |
4.8 patch 1 | 4.8.24304 |
4.9 Release 5 | 4.9.39220 |
4.10 | 4.10.0.40961 |
4.10.1 | 4.10.1.45070 |
For Splunk Phantom deployments without internet access or unprivileged deployments
Contact Splunk Phantom Support to get access to the correct installer tar file. Once access has been granted, you can download the file from the Splunk Phantom community website.
For Splunk Phantom deployments with limited internet access
Offline upgrade tar files are available for these operating systems:
- Red Hat Enterprise Linux 7.6 through 7.9
On your Splunk Phantom instance or on each cluster node:
- Make a directory for the tar file. mkdir /usr/local/src/upgrade-<version>
- Change to the created directory. cd /usr/local/src/upgrade-<version>
- Download the Official Offline RPMs for your operating system from the Splunk Phantom community website Product Downloads page to the directory.
- (Conditional) If you do not see the Official Offline RPMs on the product downloads page, you must submit a support request to get access.
- Extract the tar file. tar -xvzf phantom_offline_setup_<OS>-<version>.tgz
For unprivileged Splunk Phantom deployments
On your Splunk Phantom instance or on each cluster node:
- Download the Official Unprivileged Tarball file for your operating system from the Splunk Phantom community website Product Downloads page.
- (Conditional) If you do not see the Official Unprivileged Tarball on the product downloads page, you must submit a support request to get access.
- Copy the installation tar file to the directory where Splunk Phantom was installed. This is the
PHANTOM_HOME
directory. - Do this step as the user account that runs Splunk Phantom. On an unprivileged virtual machine image or AMI-based deployment, this user account is "phantom."
Extract the installation tar file.tar -xvzf phantom-<version>.tgz
Splunk Phantom upgrade overview and prerequisites | Convert a privileged deployment to an unprivileged deployment |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.10, 4.10.1
Feedback submitted, thanks!