Upgrade to 4.1 on Linux, Solaris, FreeBSD, HP-UX, AIX, and MacOS
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Upgrade to 4.1 on Linux, Solaris, FreeBSD, HP-UX, AIX, and MacOS
This topic describes the procedure for upgrading your Splunk instance from version 4.0.x to a later version.
Before you upgrade
Make sure you've read this information before proceeding, as well as the following:
Back your files up
Before you perform the upgrade, we strongly recommend that you back up all of your files, including Splunk configurations, data and binaries. Splunk does not provide a means of downgrading to previous versions; if you need to revert to an older Splunk release, just reinstall it.
Inputs are disabled by default in the *Nix and Windows apps
Inputs in the Windows or *Nix apps are disabled by default in 4.1. If you're using inputs that belong to the Windows or *Nix apps that shipped with 4.0.x and want to make sure they stay enabled after the upgrade, copy the inputs.conf file from $SPLUNK_HOME/etc/apps/<Windows_or_*Nix_app>/default and put it in $SPLUNK_HOME/etc/apps/<Windows_or_*Nix_app>/local .
How upgrading works
When you upgrade your configuration files are not actually changed until you start Splunk after performing the installation of the new version. You can run the migration preview utility at that time to see what will be changed before the files are updated. If you choose to view the changes before proceeding, a file containing the changes that the upgrade script proposes to make is written to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>
Steps for upgrading
1. Execute the $SPLUNK_HOME/bin/splunk stop command.
Important: Make sure no other processes will start Splunk automatically (such as Solaris SMF).
2. To upgrade and migrate from version 4.0 and later, install the Splunk package over your existing Splunk deployment:
- If you are using a .tar file, expand it into the same directory with the same ownership as your existing Splunk instance. This overwrites and replaces matching files but does not remove unique files.
- If you are using a package manager, such as an RPM, type
rpm -U splunk_package_name.rpm - If you are using a .dmg file (on MacOS), double-click it and follow the instructions. Be sure specify the the same installation directory as your existing installation.
- If you use init scripts, be sure to include the following so the EULA gets accepted:
./splunk start --accept-license ./splunk enable boot-start
3. Execute the $SPLUNK_HOME/bin/splunk start command.
The following output is displayed:
This appears to be an upgrade of Splunk. -------------------------------------------------------------------------------- Splunk has detected an older version of Splunk installed on this machine. To finish upgrading to the new version, Splunk's installer will automatically update and alter your current configuration files. Deprecated configuration files will be renamed with a .deprecated extension. You can choose to preview the changes that will be made to your configuration files before proceeding with the migration and upgrade: If you want to migrate and upgrade without previewing the changes that will be made to your existing configuration files, choose 'y'. If you want to see what changes will be made before you proceed with the upgrade, choose 'n'. Perform migration and upgrade without previewing configuration changes? [y/n]
4. Choose whether you want to run the migration preview script to see what changes will be made to your existing configuration files, or proceed with the migration and upgrade right away.
5. If you choose to view the expected changes, the script provides a list.
6. Once you've reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.
Note: You can complete Steps 3 to 5 in one line:
To accept the license and view the expected changes (answer 'n') before continuing the upgrade:
$SPLUNK_HOME/bin/splunk start --accept-license --answer-no
To accept the license and begin the upgrade without viewing the changes (answer 'y'):
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 View the Article History for its revisions.
Comments
this is BS - all presaved splunk searches that were created prior to this "upgrade" got wiped out... should have at least mentioned it to save people time from upgrading and wasting time.
hi Sheeshkebab:
sounds like you may have put your saved searches in $SPLUNK_HOME/etc/system/default/savedsearches.conf rather than in a new copy of savedsearches.conf in $SPLUNK_HOME/etc/system/local ?
check this topic out for more info:
http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles
if this isn't what happened, i recommend you provide the details of your upgrader to Splunk Support or post them to answers.splunk.com.