How to upgrade the Splunk App for Windows Infrastructure
The commands shown in this topic are PowerShell. If you use *nix, substitute the PowerShell directives with their *nix counterparts. If you use different directories for Splunk Enterprise and deployment server, substitute the directories shown with your specific directories.
The search head is the Splunk Enterprise instance that runs the Splunk App for Windows Infrastructure and shows all of the app data. Perform these upgrade instructions on any host that has been designated as a search head in your deployment.
- (Only applies if you are upgrading from v2.0.2 or below) Remove the role "winfra-admin" from all the users. This is important because this role has been removed from Splunk App for Windows Infrastructure v2.0.3 or higher. There can be unexpected errors if any of the user is still assigned with this role after upgrade.
- In case of standalone search head, remove the existing default.xml file from the local folder etc/apps/splunk_app_windows_infrastructure/local/data/ui/nav on the search head.
- (Optional) Backup local changes (local folder) created on the search head and search head deployer.
- (Only applies if you are if upgrading from v2.0.2 or below) As "winfra-admin" role is removed from the app, follow these steps to remove the definition of "winfra-admin" role from the app package on your search head deployer:
- Remove authorize.conf file from etc/shcluster/apps/splunk_app_windows_infrastructure/default/. If you have single search head, remove the authorize.conf file from the etc/apps/splunk_app_windows_infrastructure/default/ directory. This needs to be removed from the splunk_app_windows_infrastructure/default/ directory because the new package doesn't contain an authorize.conf file.
- Remove the
[role_winfra-admin]
stanza and its related values from the etc/shcluster/apps/splunk_app_windows_infrastructure/local/authorize.conf. If you have single search head, remove the[role_winfra-admin]
stanza and its related values from etc/apps/splunk_app_windows_infrastructure/local/authorize.conf.
- Install the new Splunk App for Windows Infrastructure in the etc/shcluster/apps/ directory on your search head deployer. If you have a single search head, install the Splunk App for Windows Infrastructure in etc/apps/.
- Remove windows_apps.csv from the app:
- Remove windows_apps.csv lookup if available from etc/shcluster/apps/splunk_app_windows_infrastructure/lookups on the search head deployer. In the case of standalone search head, remove it from etc/apps/splunk_app_windows_infrastructure/lookups.
- Remove the
windows_apps_lookup
andwindows_apps
definitions from etc/shcluster/apps/splunk_app_windows_infrastructure/local/transforms.conf if available on the search head deployer. In the case of standalone search head, remove thewindows_apps_lookup
definition from etc/apps/splunk_app_windows_infrastructure/local/transforms.conf if available on the search head.[windows_app_lookup] filename = windows_apps.csv [windows_apps] filename=windows_apps.csv max_matches=1
- Push the updated bundle from the search head deployer to all your search heads.
- Once you have successfully pushed the app, run the guided setup again on any one of the search heads.
Install the Splunk App for Windows Infrastructure using self service installation on Splunk Cloud | Upgrade from version 1.0.x |
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 2.0.4
Feedback submitted, thanks!