Monitor your universal forwarder upgrade status
Verify that your upgrade is successful
Verify that your upgrade is successful using the following search on the search heads:
index=_internal source=*splunk-upgrade* Upgrade has been completed successfully.
About update failures
The Remote Upgrader for Linux Universal Forwarders provides retry and timeout mechanisms to mitigate upgrade issues. By default the Remote Upgrader for Linux Universal Forwarders will retry the upgrade three times, with a 300 second timeout. If the upgrade still fails, the Remote Upgrader for Linux Universal Forwarders marks the upgrade as failed. The retry and timeout configurations are configurable in the local_config file:
FWD_UPGRADE_TIMEOUT_SEC=300
FWD_UPGRADE_MAX_RETRY=3
When an upgrade fails, the Remote Upgrader for Linux Universal Forwarders will roll back to the previous version as follows:
- The Remote Upgrader for Linux Universal Forwarders backs up the existing SPLUNK_HOME directory before upgrade.
- A new directory is created under the ./history directory.
- If an automatic update fails, the Remote Upgrader for Linux Universal Forwarders automatically restores this backup. This ensures that the universal forwarder continues to function, especially in a deployment server deployment, and gives you the opportunity to triage or fix the upgrade issues.
| Remotely upgrade the Remote Upgrader for Linux Universal Forwarders | Advanced configurations |
This documentation applies to the following versions of Splunk® Universal Forwarder: 1.0.0, 8.2.11, 8.2.12, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0
Download manual
Feedback submitted, thanks!