Splunk Phantom upgrade overview and prerequisites

Splunk Phantom requires incremental upgrades from earlier versions.

Do not skip any required versions when upgrading Splunk Phantom. For example, to upgrade Splunk Phantom from version 4.2 to version 4.6, you must upgrade to version 4.5 before upgrading to version 4.6.

The amount of required downtime for an upgrade will depend on the amount of data in your database, and the release version to which you are upgrading.

Upgrading a Splunk Phantom cluster requires upgrading individual nodes, one at a time.

Prerequisites for upgrading Splunk Phantom

You need the following information before beginning your upgrade:

• A minimum of 5GB of space available in the /tmp directory.
• Your Splunk Phantom Community portal login. The script will prompt you for these credentials during the upgrade.
• A user account on the operating system for your Splunk Phantom instance or cluster nodes with sudo privileges, or root access on those systems.

For unprivileged deployments, you will need the login credentials for the user account that runs Splunk Phantom instead.

Required preparations

Before you begin your upgrade of Splunk Phantom, perform the following tasks:

• Make a full backup of your Splunk Phantom deployment before upgrading. Alternatively, for single instance deployments running as a virtual machine, create a snapshot of the virtual machine.
• After your upgrade is complete, clear your browser cache before logging into Splunk Phantom for the first time.

Upgrade Splunk Phantom

When you are ready to upgrade Splunk Phantom, follow one of these sets of instructions, based on your Splunk Phantom deployment:

• Upgrade a standalone Splunk Phantom instance.
• Upgrade an unprivileged standalone Splunk Phantom instance.
• Upgrade a Splunk Phantom cluster.
• Upgrade an unprivileged Splunk Phantom cluster.