Splunk® App for SOAR

Install and Configure Splunk App for SOAR

This documentation does not apply to the most recent version of Splunk® App for SOAR. For documentation on the most recent version, go to the latest release.

Upgrade Splunk App for SOAR on Splunk Enterprise

This article describes how to upgrade from the Splunk App for SOAR version 1.0.0 to version 1.0.38 with Splunk Enterprise.

Before you begin

Before you begin the upgrade process, be sure to perform the following steps:

  • Check the prerequisites and required steps described in Check prerequisites for Splunk App for SOAR.
  • Back up your files from the command line by copying the complete directory $SPLUNK_HOME/etc/apps/splunk_app_soar to another location that is not under $SPLUNK_HOME/etc/apps.
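
The backup step above can be scripted as follows. This is an added example, not part of the Splunk documentation: a POSIX shell function that copies the app directory, refuses a destination under $SPLUNK_HOME/etc/apps, and verifies the copy before you upgrade. The function name, return codes, and timestamp suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Splunk code).
# backup_soar_app SPLUNK_HOME DEST_PARENT
#   Prints the backup path on success.
#   Returns 1 on a missing path or copy error, 2 if the destination is under
#   etc/apps, and 3 if the copy does not match the source.
backup_soar_app() {
    splunk_home=$1
    dest_parent=$2
    app_dir="$splunk_home/etc/apps/splunk_app_soar"

    [ -d "$app_dir" ] || { echo "app directory not found: $app_dir" >&2; return 1; }
    # Require an existing destination so nothing is created before the location check.
    [ -d "$dest_parent" ] || { echo "destination not found: $dest_parent" >&2; return 1; }

    # Resolve both paths physically so a symlink or ../ cannot hide a
    # destination that really sits under etc/apps.
    apps_real=$(cd "$splunk_home/etc/apps" && pwd -P) || return 1
    dest_real=$(cd "$dest_parent" && pwd -P) || return 1
    case "$dest_real/" in
        "$apps_real"/*)
            echo "refusing: $dest_real is under $apps_real" >&2
            return 2 ;;
    esac

    backup="$dest_real/splunk_app_soar.$(date +%Y%m%dT%H%M%S)"
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 1
    fi

    # -R copies the complete directory; -p keeps modes and timestamps.
    cp -Rp "$app_dir" "$backup" || return 1

    # Confirm the copy is complete before the upgrade overwrites the original.
    diff -r "$app_dir" "$backup" >/dev/null || { echo "verification failed" >&2; return 3; }

    # The copy now lives outside Splunk's tree; restrict it to the owner.
    chmod -R go-rwx "$backup"
    printf '%s\n' "$backup"
}

# Run as a script: sh backup_soar_app.sh "$SPLUNK_HOME" <existing backup directory>
if [ "$#" -eq 2 ]; then
    backup_soar_app "$1" "$2"
fi
```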

Upgrade the Splunk App for SOAR on a single search head

To upgrade from the Splunk App for SOAR version 1.0.0 to version 1.0.38 on a single search head, follow these steps:

  1. Download the latest version of the Splunk App for SOAR from Splunkbase.
  2. Open your Splunk Enterprise instance.
  3. In the Apps panel, click the gear icon.
  4. Select Install app from file.
  5. Upload the Splunk App for SOAR file.
  6. Select that you want to upgrade the add-on. If the add-on already exists, making this selection overwrites it.

Upgrade the Splunk App for SOAR on a search head cluster

Use a deployer to install Splunk App for SOAR in a search-head cluster environment. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.

After upgrading, the server configurations and audit inputs may not be synced properly across all search heads. To address this situation, follow these steps:

  1. Open your Splunk Enterprise instance.
  2. Under the Configurations tab, locate the SOAR server configuration and/or audit input that you want to replicate across the search head cluster.
    • For a server configuration that you want to replicate: under the Actions column, click Manage, then click Edit Server. Do not make any changes to the configuration. Then click Save.
    • For audit input replication, first complete the replication step for its corresponding server configuration, then under Manage, select Edit Server. Do not make any changes to the configuration. Then click Save.

If you are installing Splunk App for SOAR on a Splunk Enterprise clustered environment with an indexer cluster, you must install the app on the manager node. You must then create indexes from the manager node. To create indexes, open Splunk App for SOAR in the manager node, go to the Configurations tab, and then select Create Indexes.

Last modified on 06 July, 2023

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.38, 1.0.41, 1.0.57

