Upgrade the Splunk Phantom App for Splunk on Splunk Enterprise

Upgrade the Splunk Phantom App for Splunk to ensure that you can use the full functionality of the add-on.

Considerations before upgrading the Splunk Phantom App for Splunk

Read the following important information before upgrading the Splunk Phantom App for Splunk:

Downgrading from release 2.6.22 or higher of the Splunk Phantom App for Splunk to release 2.5.23 or lower is not supported.
When upgrading to this release of the Splunk Phantom App for Splunk from release 2.5.23 or earlier, it is recommended to upgrade to each intermediate version so that Splunk Phantom server configurations are properly converted and updated to newer formats. For example, to upgrade from release 2.5.23 to release 3.0.5, first upgrade to release 2.6.22 or 2.7.5, and then upgrade to release 3.0.5. Releases 2.6.22 and 2.7.5 both have the same server configuration, so you only need to upgrade to one of them.
Before upgrading the Splunk Phantom App for Splunk, backup your files from the command line by copying the complete directory $SPLUNK_HOME/etc/apps/phantom to another location that's not under $SPLUNK_HOME/etc/apps.

To upgrade the Splunk Phantom App for Splunk, follow these steps:

Download the latest version of the Splunk Phantom App for Splunk from Splunkbase.
Go to your Splunk Enterprise instance.
In the apps panel, click the gear icon.
Click Install app from file.
Upload the Splunk Phantom App for Splunk file.
Check the box to upgrade the add-on. Checking this box overwrites the add-on if it already exists.

Your Splunk Enterprise instance restarts to complete the upgrade.

You must re-enter the credentials for alert action configurations after upgrading to this release of the Splunk Phantom App for Splunk.