Splunk® Enterprise

Upgrade Readiness

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Release notes for the Upgrade Readiness App

The Upgrade Readiness App version 4.0.x is present by default in Splunk Cloud Platform 8.2.2203 and several higher versions, and Splunk Enterprise 9.0.x. When newer versions of the Upgrade Readiness App are released, Splunk makes them available on Splunkbase.

Feature updates

Version Introduced Description
4.0.0 The Splunk Upgrade Readiness app now includes a tab to scan for Splunk platform compatibility. Use this scan to assess if your deployment is ready for upgrade to Splunk Enterprise 9.0
3.1.0 All active admin or sc_admin users receive weekly emails by default. Users can enable or disable weekly email notifications. Emails are sent with recipients on bcc, and the email template contains more information. For more information, see Manage weekly emails from the Upgrade Readiness App.
3.1.0 Apps that previously passed the Hotlinking Splunk Web Library check might fail now. The disAllowList.json file now contains new disallowed inputs, which the app scans in the make_url function. Remove these disallowed inputs from your app in order to pass the scan.
3.0.2 The Upgrade Readiness App is now visible only to users with admin or sc_admin roles. Users with the an admin or sc_admin name can view the app, but can't see scanned apps, schedule app scans, or change weekly email notifications.
3.0.2 The Splunk User Behavior Analytics and Splunklib apps are now excluded from scans.
3.0.1 Removed the ability to perform ad-hoc scans.
3.0.1 Added the option to cancel the scheduled scan.
3.0.1 You can can now view a merged report of search head and indexer data in a single interface. Files present on a search head only are tagged as local, files present on an indexer only are tagged remote, and files present on both have both tags.
3.0.1 You can now schedule a scan on a remote Indexer from a search head. The new schedule takes effect after 2 hours.
3.0.1 You can view the number of dismissed public and private apps in the scan summary.
3.0.1 Splunk Cloud Platform users can request to upgrade from Python 2 to Python 3. The request is stored in Skynet and completed by TechOps team members. You can view all requests in the Python version tab of the Upgrade Readiness app, and retract a request if your deployment is not yet upgraded. Once your deployment is upgraded, all admins receive an email notifying them that the upgrade is complete.
3.0.1 Public apps that do not have a version in Splunkbase are flagged as failed. A warning message displays next to the name of the application.
3.0.1 You can now scan for jQuery vulnerabilities on the jQuery Scan tab of the Upgrade Readiness app. Scans are conducted on the following criteria. These criteria are based on the AppInspect jQuery scan logic. Private apps can fail the scan on any of these points, while public apps are only evaluated on the first two points.
  • Dashboard XML files that are not tagged version 1.1 or higher.
  • Packaged jQuery libraries with a version lower than jQuery 3.5.
  • All application JS files that reference files on the disallowed list.

All other scan features are identical to the Python Scan tab.

Known issues and troubleshooting

Version Description Workaround
All versions If you install a higher version of the Upgrade Readiness App, and then later upgrade your Splunk platform deployment to a higher version, then the Upgrade Readiness App might revert to a lower version. For example, if you install the Upgrade Readiness App 3.1.0 on your Splunk Enterprise 8.2.3 deployment, and then upgrade to Splunk Enterprise 8.2.4, the Upgrade Readiness App might revert back to version 1.0.0. Reinstall the highest version or your preferred version of the Upgrade Readiness App after upgrading your Splunk platform deployment.
2.0.0 and higher When you upgrade from a previous version of the Upgrade Readiness App, the following error message can appear in the UI:
name 'MERGED_DIR' is not defined
The app is generating a report. Wait 5 minutes for a report to load, and refresh the page to see a report, or a message indicating that the report does not exist.
2.0.0 and higher Splunkbase metadata is not fetched frequently enough. Modify the interval setting in the following scripted input stanza in the inputs.conf file:
script://$SPLUNK_HOME/etc/slave-apps/python_upgrade_readiness_app/bin/pura_get_all_apps.py

After updating the interval, you must restart your Splunk platform instance.

For more information on scripted inputs, see inputs.conf

For help setting the interval in cron format, see https://crontab.guru

2.0.0 and higher You need to scan a public app as a private app. You can convert a public app to a private app for scanning purposes:
  1. Add the public app folder to the lookup file at the following location:
    $SPLUNK_HOME/etc/apps/python_upgrade_readiness_app/lookups/pura_mark_public_as_private.csv
    
  2. Run the following search:

    | stats count | eval app_folder_name = "<name of application folder>" | table app_folder_name | outputlookup append=true pura_mark_public_as_private

Last modified on 10 May, 2023
PREVIOUS
REST API reference for the Upgrade Readiness App
  NEXT
Share data in the Upgrade Readiness App

This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters