Splunk® Phantom

Install and Upgrade Splunk Phantom

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Phantom. Click here for the latest version.
Acrobat logo Download topic as PDF

Splunk Phantom upgrade overview and prerequisites

Splunk Phantom requires incremental upgrades from earlier versions.

Do not skip any required versions when upgrading Splunk Phantom. For example, to upgrade Splunk Phantom from version 4.2 to version 4.6, you must upgrade to version 4.5 before upgrading to version 4.6.

The amount of required downtime for an upgrade will depend on the amount of data in your database, and the release version to which you are upgrading.

Upgrading a Splunk Phantom cluster requires upgrading individual nodes, one at a time.

Prerequisites for upgrading Splunk Phantom

You need the following information before beginning your upgrade:

  • A minimum of 5GB of space available in the /tmp directory.
  • Your Splunk Phantom Community portal login. The script will prompt you for these credentials during the upgrade.
  • A user account on the operating system for your Splunk Phantom instance or cluster nodes with sudo privileges, or root access on those systems.

For unprivileged deployments, you will need the login credentials for the user account that runs Splunk Phantom instead.

Required preparations

Before you begin your upgrade of Splunk Phantom, perform the following tasks:

  • Make a full backup of your Splunk Phantom deployment before upgrading. Alternatively, for single instance deployments running as a virtual machine, create a snapshot of the virtual machine.
  • After your upgrade is complete, clear your browser cache before logging into Splunk Phantom for the first time.

Upgrade Splunk Phantom

When you are ready to upgrade Splunk Phantom, follow one of these sets of instructions, based on your Splunk Phantom deployment:

Last modified on 16 October, 2020
Set up Splunk Enterprise
Splunk Phantom repositories and signing keys packages

This documentation applies to the following versions of Splunk® Phantom: 4.8

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters