How the Remote Upgrader for Linux Universal Forwarders works

Here is an example workflow for the Remote Upgrader for Linux Universal Forwarders:

1. The Remote Upgrader for Linux Universal Forwarders monitors the trigger file start_uf_upgrade under the directory /tmp/SPLUNK_UPGRADER_MONITORED_DIR. The start_uf_upgrade and /tmp/SPLUNK_UPGRADER_MONITORED_DIR files are default values that can be modified as needed.
2. When the Remote Upgrader for Linux Universal Forwarders observes trigger file activity indicating a new package, it attempts to retrieve the universal forwarder package.
3. If you have configured signature validation, the Remote Upgrader for Linux Universal Forwarders validates the Splunk signature for the package.
4. The Remote Upgrader for Linux Universal Forwarders validates the universal forwarder migration path from the current version to the destination version. For more about valid migration paths, see Supported universal forwarders versions.
5. The Remote Upgrader for Linux Universal Forwarders starts the upgrade. By default, three attempts are made, which timeout at 300 seconds each. You can also manually configure the number of retry attempts and timeouts.
6. If the upgrade fails for any reason, the Remote Upgrader for Linux Universal Forwarders rolls back the upgrade and restores the current version.
7. Upon successful upgrade and once the universal forwarder is running, the Remote Upgrader for Linux Universal Forwarders ingests the upgrade logs to the indexers.
8. If the universal forwarder and deployment server are running on 9.2 or higher, the Remote Upgrader for Linux Universal Forwarders reports the new upgrade status to the deployment server.