Upgrade Splunk Phantom on a system with limited internet access
Some deployments of Splunk Phantom have deliberately limited access to the internet, making it difficult to upgrade using RPM packages. TAR file distributions of Phantom are available to upgrade these offline deployments.
To upgrade an offline Phantom deployment:
- Get the upgrade TAR file.
- Update the operating system and dependencies.
- Upgrade Splunk Phantom from the tar file.
- Validate the upgrade by logging in to the Splunk Phantom web interface.
- From Main Menu > Administration > Administration Settings > Search Settings, select "playbooks from the drop-down menu, then click the Reindex Search Data button.
Get the upgrade TAR file
Contact Splunk Phantom Support to get access to the offline installer tar file. Once access has been granted, you can download the file from the Splunk Phantom community website.
Offline upgrade TAR files are available for these operating systems:
- Red Hat Enterprise Linux 6.10, 7.6
- CentOS 6.10, 7.6
Update the operating system and dependencies
Do these tasks with root permissions, either by logging in as root or as a user with sudo permission.
On Red Hat Enterprise Linux, you must either create a satellite server or local YUM repository for operating system packages and other dependencies. See the Red Hat Knowledgebase article How can we regularly update a disconnected system (A system without internet connection)?
- Delete the file
rm -f /tmp/phantomOvaUpgrade
- Clear YUM's caches. yum clean all
- Update the operating system and all installed packages. yum update
- Restart the operating system. shutdown -r now
You may need additional repositories to satisfy dependencies.
The upgrade repositories are:
* These repositories are only needed if your deployment is using the version of PostgreSQL distributed by Red Hat. The version of PostgreSQL bundled with Splunk Phantom is the version distributed by the PostgreSQL Global Development Group (PGDG).
Upgrade Splunk Phantom from the tar file
- Make a directory for the tar file. mkdir /usr/local/src/upgrade-<version>
- Change to the created directory. cd /usr/local/src/upgrade-<version>
- Download or copy the tar file to the directory.
- Extract the tar file. tar -xvzf phantom_offline_setup_<OS>-<version>.tgz
- Change to the directory phantom_offline_setup:cd phantom_offline_setup_<OS>-<version>.tgz
- Run the installation script. ./phantom_offline_setup_<OS>.sh upgradeTo upgrade without apps, add
--without-appsto the command:./phantom_offline_setup_<OS>.sh upgrade --without-apps
- After the upgrade is complete, from Main Menu > Administration > Administration Settings > Search Settings, select Playbooks from the drop-down menu, then click the Reindex Search Data button.
Upgrade a standalone Splunk Phantom instance
Upgrade an unprivileged standalone Splunk Phantom instance
This documentation applies to the following versions of Splunk® Phantom: 4.8