Splunk® Phantom (Legacy)

Install and Upgrade Splunk Phantom

This documentation does not apply to the most recent version of Splunk® Phantom (Legacy). For documentation on the most recent version, go to the latest release.

Upgrade a standalone Splunk Phantom instance

Follow these steps to upgrade your Splunk Phantom instance.

  1. Make sure you have read Splunk Phantom upgrade overview and prerequisites.
  2. Log in to the Splunk Phantom instance's operating system as either the root user or a user with sudo privileges.
  3. If you are using a warm standby, disable warm standby. See Upgrade or maintain warm standby instances in Administer Splunk Phantom.
  4. If you are using automation to run ibackup.pyc to make backups, cancel backups that could run during your upgrade window. For example, if you have configured a cron job to run ibackup.pyc, disable that cron job.
  5. Stop all Splunk Phantom services. For example, as the root user: 
    /opt/phantom/bin/stop_phantom.sh
  6. Delete the file /tmp/phantomOvaUpgrade. 
    rm -f /tmp/phantomOvaUpgrade
  7. Clear the YUM caches. For example, as the root user: 
    yum clean all
  8. Update the operating system and installed packages. For example, as the root user: 
    yum update --exclude=nginx
  9. If a kernel update was included in your operating system updates, restart the operating system. For example, as the root user: 
    reboot
    If you did not need to restart the operating system, restart Splunk Phantom. For example, as the root user: 
    /<PHANTOM_HOME>/bin/start_phantom.sh
  10. If a system restart was required, after the system restarts, log in to the operating system as either the root user or a user with sudo privileges.
  11. Install the Splunk Phantom repository and signing keys. See Splunk Phantom repositories and signing keys packages.
  12. Run the upgrade script. For example, as the root user: 
    /opt/phantom/bin/phantom_setup.sh upgrade
    If you don't want to upgrade your installed apps during the upgrade, you can use the --without-apps option. 
    /opt/phantom/bin/phantom_setup.sh upgrade --without-apps

    You will be prompted during this script for your Splunk Phantom Community portal login.

  13. After the upgrade is complete, from Main Menu > Administration > Administration Settings > Search Settings, select Playbook from the drop-down menu, then click the Reindex Search Data button.
Last modified on 25 March, 2021
Splunk Phantom repositories and signing keys packages   Upgrade Splunk Phantom on a system with limited internet access

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters