Splunk® Data Stream Processor

Install and administer the Data Stream Processor

Acrobat logo Download manual as PDF


DSP 1.2.1 is impacted by the CVE-2021-44228 and CVE-2021-45046 security vulnerabilities from Apache Log4j. To fix these vulnerabilities, you must upgrade to DSP 1.2.2-patch02. See Upgrade the Splunk Data Stream Processor from 1.2.1 to 1.2.2-patch02 for upgrade instructions, and Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046) for more information.
This documentation does not apply to the most recent version of DSP. Click here for the latest version.
Acrobat logo Download topic as PDF

Upgrade the Splunk Data Stream Processor from 1.2.0 to 1.2.1

This topic describes how to upgrade the Splunk Data Stream Processor (DSP) from 1.2.0 to 1.2.1.

Before you upgrade

Before you upgrade DSP, review the known issues related to the upgrade process. Depending on what functions you have in your pipelines, you might need to do some additional steps to restore those pipelines after the upgrade is complete. In addition, there are some workarounds for these known issues.

As an alternative, you can uninstall DSP 1.2.0 and do a clean install of DSP 1.2.1. To do this, see the following topics:

The Splunk Data Stream Processor does not provide a means of downgrading to previous versions. If you need to revert to an older DSP release, uninstall the upgraded version and reinstall the version you want.

Step 1: Disable the scheduled jobs

The scheduled jobs in each Amazon CloudWatch Metrics, Amazon S3, AWS Metadata, Google Cloud Monitoring, Microsoft 365, and Microsoft Azure Monitor source connector must be disabled before you upgrade DSP. If you do not deactivate all scheduled jobs in these connectors before upgrading your DSP deployment, the Kubernetes container image name used by these connectors is not updated. See the ImagePullBackoff status shown in Kubernetes after upgrading DSP troubleshooting topic for more information.

  1. Open the DSP UI and navigate to Data Management > Connections.
  2. Deactivate the schedule for each Amazon CloudWatch Metrics, Amazon S3, AWS Metadata, Google Cloud Monitoring, Microsoft 365, and Microsoft Azure Monitor source connector.
    1. Select the connection you want to edit.
    2. Toggle the Scheduled parameter off.
    3. Save your changes

Step 2: Upgrade the Splunk Data Stream Processor

  1. Download the new Data Stream Processor tarball on one of the master nodes of your cluster.
  2. Extract the tarball.
    tar xf <dsp-version>.tar
  3. Navigate to the extracted file.
    cd <dsp-version>
  4. (Optional) If your environment has a small root volume (6GB or less of free space) in /tmp, your upgrade may fail when you run out of space. Choose a different directory to write temporary files to during the upgrade process.
    export TMPDIR=/<directory-on-larger-volume>
  5. From the extracted file directory, run the upgrade script.
    ./upgrade

Upgrading can take a while, depending on the number of nodes you have in your cluster. Once upgrading is done, the following message is shown: Upgrade completed successfully followed by a bunch of garbage collection logs. Once you see those logs, you can then use the latest version of the .

Step 3: Validate the upgrade

The Splunk Data Stream Processor upgrade is now complete. Any pipelines that were active before the upgrade are reactivated. When the upgrade is completed, DSP shows the following message: DSP startup completed.

  1. In the browser you use to access the DSP UI, clear the browser cache.
  2. Log in to DSP to confirm that your upgrade was successful.
    https://<DSP_HOST>:30000/
    
    User: dsp-admin
    Password: <the dsp-admin password>
    

After upgrading

Perform the following steps after upgrading the Splunk Data Stream Processor.

  1. (Optional) On each node, delete the directories containing the old version of the Splunk Data Stream Processor.
    rm -r <dsp-version-upgraded-from>
    
  2. Re-enable the schedules for the Amazon CloudWatch Metrics, Amazon S3, AWS Metadata, Google Cloud Monitoring, Microsoft 365, and Microsoft Azure Monitor connectors that were disabled in Step 2.
  3. If you have the Splunk App for DSP installed on your Splunk DSP cluster, you must upgrade it to the latest version. See Install the Splunk App for DSP for more information.
  4. There are some known issues that can occur when upgrading. Review the Known issues for DSP topic, and follow any workarounds that apply to you.

After upgrading to the latest version of the Splunk Data Stream Processor, any command-line operations must be performed in the new upgraded directory on the master node.

Last modified on 13 December, 2021
PREVIOUS
Install the Splunk Data Stream Processor
  NEXT
Uninstall the Splunk Data Stream Processor

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters