Plan the upgrade
Plan your upgrade of the Splunk App for PCI Compliance. You must be familiar with the app and have administrative knowledge of the Splunk platform to complete the upgrade.
Minimum requirements for upgrade
- Make sure your hardware and software versions are compatible with the new version by reviewing the Deployment options.
- Review the Known Issues and Release Notes in the Release Notes to understand the new features and functionality.
Planning the upgrade
The Splunk App for PCI Compliance upgrade process assumes the following:
- You have an installation of the Splunk App for PCI Compliance 3.0.x and the required add-ons in a single-instance Splunk deployment or on a dedicated search head in a distributed Splunk deployment.
- You are running Splunk Enterprise 6.6.x or later on a supported Linux or Windows system.
Order of operations for upgrading
- Review this topic and any linked items to view the changes in the latest release.
- Upgrade Splunk platform instances.
- If installing the Splunk App for PCI Compliance (for Splunk Enterprise Security), upgrade the Splunk Enterprise Security search head instance.
- Upgrade Splunk App for PCI Compliance. See Upgrade the Splunk App for PCI Compliance.
- Review, upgrade, and deploy add-ons.
Search head clustering considerations
Upgrading a Splunk App for PCI Compliance deployment on a search head cluster is a multi-step process. The recommended procedure is detailed in Upgrading the Splunk App for PCI Compliance on a search head cluster in this manual.
Using the Splunk App for PCI Compliance installer
Splunk App for PCI Compliance supports upgrading from the previous minor version of the app. A full backup of the search head is recommended because the upgrade process does not back up the existing installation before upgrading.
- The upgrade of the Splunk App for PCI Compliance on a search head will not complete if apps or add-ons included in the Splunk App for PCI Compliance package are managed by a deployment server. Before beginning an upgrade, remove the deploymentclient.conf containing references to the deployment server and restart Splunk services.
- The upgrade process will overwrite all prior or current versions of apps and add-ons, and it will inherit any configuration changes and files saved in the app
- The upgrade process will not overwrite a newer version of an app or add-on.
- An app or add-on that was disabled in the prior version will remain disabled after the upgrade.
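The deployment-client check and the backup described above, as an added shell example (not Splunk's own tooling). It assumes an active `targetUri` setting in `deploymentclient.conf` is what ties the instance to a deployment server, and it archives only `$SPLUNK_HOME/etc`, which covers configuration but is not a full search head backup; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Pre-upgrade check for a search head (added example; names and paths are assumptions).

# Print each deploymentclient.conf under $1/etc with an active (uncommented)
# targetUri setting, meaning it still references a deployment server.
find_deployment_clients() {
    splunk_home=$1
    find "$splunk_home/etc" -type f -name deploymentclient.conf 2>/dev/null |
    while IFS= read -r conf; do
        if grep -Eq '^[[:space:]]*targetUri[[:space:]]*=[[:space:]]*[^[:space:]]' "$conf"; then
            printf '%s\n' "$conf"
        fi
    done
}

# Archive $1/etc into directory $2 and print the archive path.
backup_etc() {
    splunk_home=$1
    dest_dir=$2
    archive="$dest_dir/splunk-etc-$(date +%Y%m%d-%H%M%S).tar.gz"
    mkdir -p "$dest_dir" &&
    tar -czf "$archive" -C "$splunk_home" etc &&
    printf '%s\n' "$archive"
}

# Return 0 when no deployment server reference remains and the backup succeeded.
# Refuses to continue (and writes no backup) while a reference is still present.
preupgrade_check() {
    splunk_home=$1
    dest_dir=$2
    managed=$(find_deployment_clients "$splunk_home")
    if [ -n "$managed" ]; then
        echo "Deployment server still configured in:" >&2
        printf '%s\n' "$managed" >&2
        return 1
    fi
    backup_etc "$splunk_home" "$dest_dir" >/dev/null || return 1
    echo "Backup written to $dest_dir; no deployment client configuration found."
}

# Usage: sh preupgrade.sh <SPLUNK_HOME> <backup directory>
if [ "$#" -eq 2 ]; then
    preupgrade_check "$1" "$2"
fi
```

Run it before starting the installer; a non-zero exit status means a `deploymentclient.conf` still needs to be removed and Splunk services restarted.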
Upgrading distributed add-ons
Copies of the latest add-ons are included with the Splunk App for PCI Compliance. When upgrading the Splunk App for PCI Compliance, review and deploy all add-ons to indexers and forwarders as required. The Splunk App for PCI Compliance installation process does not automatically upgrade or migrate any configurations deployed to the indexers or forwarders.
Any customizations made to the prior versions of an add-on must be manually migrated.
This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1