Upgrade Splunk on Windows
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Upgrade Splunk on Windows
This topic describes the procedure for upgrading your Windows Splunk instance from version 4.x to a later version. You can upgrade using the GUI installer, or by running msiexec on the commandline as described in "Install on Windows via the commandline".
Note: The Windows App was enabled by default in its app.conf file in versions 4.0-4.0.2. Starting in version 4.0.3, it is disabled in this file by default. Read on for important details:
- If you're upgrading from 4.0-4.0.2 to 4.0.3 or later, the Windows App will be disabled, even if it was enabled in the version you're upgrading from.
- If you're doing a fresh installation of 4.0.3 or later, the Windows App is enabled by default via the MSI and if you want to install it in a disabled state, you must specify this using the SPLUNK_APP msiexec command as described in "Install on Windows via the commandline".
Before you upgrade
Important: When upgrading, you must explicitly specify the same domain user that you specified during first time install. If you do not specify the same user, Splunk will default to using the Local System User. If you accidentally specify the wrong user during your installation, use the instructions in these instructions to switch to the correct user before starting Splunk.
Important: Before you perform the upgrade, we strongly recommend that you back up all of your files, including Splunk configurations, data and binaries. Splunk does not provide a means of downgrading to previous versions; if you need to revert to an older Splunk release, just reinstall it.
Upgrading using the GUI installer
1. Stop Splunk either using the Windows Start menu option or by executing the $SPLUNK_HOME/bin/splunk stop command.
2. Download the new MSI file from the Splunk download page.
3. Double-click the MSI file. The Welcome panel is displayed. Follow the onscreen instructions to upgrade Splunk. For information about each panel, refer to the installation instructions.
4. Splunk will start up by default when you complete the installation.
A log of the changes made to your configuration files during the upgrade is placed in $TEMP$.
Upgrading using the commandline
1. Stop Splunk either using the Windows Start menu option or by executing the $SPLUNK_HOME/bin/splunk stop command.
2. Download the new MSI file from the Splunk download page.
3. Use the instructions in "Install on Windows via the commandline". If Splunk is running as a user other than the Local System user, you must explicitly specify this user in your commandline. You can change the ports (SPLUNKD_PORT and WEB_PORT) at this time, and also use the LAUNCHSPLUNK option to specify whether Splunk should start up automatically or not when you're finished, but you cannot change any other settings.
4. Depending on your specification, Splunk may start automatically when you complete the installation.
A log of the changes made to your configuration files during the upgrade is placed in $TEMP$.
Start Splunk
On Windows, Splunk is installed by default into \Program Files\Splunk and is started by default.
You can start and stop the following Splunk processes via the Windows Services Manager:
- Server process:
splunkd - Web interface process:
splunkweb
You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing
# splunk [start|stop|restart]
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.