On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
Upgrade the Splunk Data Stream Processor from 1.2.0 to 1.2.1
This topic describes how to upgrade the Splunk Data Stream Processor (DSP) from 1.2.0 to 1.2.1.
Before you upgrade
Before you upgrade DSP, review the known issues related to the upgrade process. Depending on what functions you have in your pipelines, you might need to do some additional steps to restore those pipelines after the upgrade is complete. In addition, there are some workarounds for these known issues.
As an alternative, you can uninstall DSP 1.2.0 and do a clean install of DSP 1.2.1. To do this, see the following topics:
- Back up your Splunk Data Stream Processor deployment
- Back up, restore, and share pipelines using SPL2
- Uninstall the Splunk Data Stream Processor
- Install the Splunk Data Stream Processor
The Splunk Data Stream Processor does not provide a means of downgrading to previous versions. If you need to revert to an older DSP release, uninstall the upgraded version and reinstall the version you want.
Step 1: Disable the scheduled jobs
The scheduled jobs in each Amazon CloudWatch Metrics, Amazon S3, AWS Metadata, Google Cloud Monitoring, Microsoft 365, and Microsoft Azure Monitor source connector must be disabled before you upgrade DSP. If you do not deactivate all scheduled jobs in these connectors before upgrading your DSP deployment, the Kubernetes container image name used by these connectors is not updated. See the ImagePullBackoff status shown in Kubernetes after upgrading DSP troubleshooting topic for more information.
- Open the DSP UI and navigate to Data Management > Connections.
- Deactivate the schedule for each Amazon CloudWatch Metrics, Amazon S3, AWS Metadata, Google Cloud Monitoring, Microsoft 365, and Microsoft Azure Monitor source connector.
- Select the connection you want to edit.
- Toggle the Scheduled parameter off.
- Save your changes
Step 2: Upgrade the Splunk Data Stream Processor
- Download the new Data Stream Processor tarball on one of the master nodes of your cluster.
- Extract the tarball.
tar xf <dsp-version>.tar
- Navigate to the extracted file.
cd <dsp-version>
- (Optional) If your environment has a small root volume (6GB or less of free space) in
/tmp
, your upgrade may fail when you run out of space. Choose a different directory to write temporary files to during the upgrade process.export TMPDIR=/<directory-on-larger-volume>
- From the extracted file directory, run the upgrade script.
./upgrade
Upgrading can take a while, depending on the number of nodes you have in your cluster. Once upgrading is done, the following message is shown: Upgrade completed successfully
followed by a bunch of garbage collection logs. Once you see those logs, you can then use the latest version of the .
Step 3: Validate the upgrade
The Splunk Data Stream Processor upgrade is now complete. Any pipelines that were active before the upgrade are reactivated. When the upgrade is completed, DSP shows the following message: DSP startup completed
.
- In the browser you use to access the DSP UI, clear the browser cache.
- Log in to DSP to confirm that your upgrade was successful.
https://<DSP_HOST>:30000/ User: dsp-admin Password: <the dsp-admin password>
After upgrading
Perform the following steps after upgrading the Splunk Data Stream Processor.
- (Optional) On each node, delete the directories containing the old version of the Splunk Data Stream Processor.
rm -r <dsp-version-upgraded-from>
- Re-enable the schedules for the Amazon CloudWatch Metrics, Amazon S3, AWS Metadata, Google Cloud Monitoring, Microsoft 365, and Microsoft Azure Monitor connectors that were disabled in Step 2.
- If you have the Splunk App for DSP installed on your Splunk DSP cluster, you must upgrade it to the latest version. See Install the Splunk App for DSP for more information.
- There are some known issues that can occur when upgrading. Review the Known issues for DSP topic, and follow any workarounds that apply to you.
After upgrading to the latest version of the Splunk Data Stream Processor, any command-line operations must be performed in the new upgraded directory on the master node.
Install the Splunk Data Stream Processor | Uninstall the Splunk Data Stream Processor |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1
Feedback submitted, thanks!