Splunk® App for SOAR

Install and Configure Splunk App for SOAR

This documentation does not apply to the most recent version of Splunk® App for SOAR. For documentation on the most recent version, go to the latest release.

Upgrade the Splunk App for SOAR on Splunk Cloud Platform

This article describes how to upgrade the Splunk App for SOAR to the latest version.

Upgrade the Splunk App for SOAR

To upgrade the Splunk App for SOAR from version 1.0.0 to version 1.0.38 on Splunk Cloud Platform, follow these steps:

  1. Check the prerequisites and required steps described in Check prerequisites for Splunk App for SOAR.
  2. Submit a support request to the Splunk Cloud Platform team to assist you with upgrading the Splunk App for SOAR.
    To submit a support request, follow the instructions in the Splunk Cloud Requests for Apps and Add-ons Resources section of the Working with Splunk Support document. Note that upgrading the Splunk App for SOAR is not a self-service operation.

Confirm after upgrading

For both single search head and search head cluster installations:

In some cases after upgrading, audit inputs might be disabled. To enable your audit inputs, follow these steps:

  1. Within the Splunk App for SOAR, navigate to the Configurations tab.
  2. Toggle the Audit Input Status switch off and then on again.

For search head cluster installations:

In some cases after upgrading, server configurations and audit inputs might not synchronize properly across all search heads. To check synchronization and address improper synchronization, follow these steps:

  1. Within the Splunk App for SOAR, navigate to the Configurations tab.
  2. Check your search heads to see if your server configurations and audit inputs are replicating across the search head cluster. If they are synced properly, end the process here. If they are not synced properly across all search heads, continue with the next step.
  3. In the Configurations tab, locate each of the SOAR server configurations and audit inputs that you want to replicate across the search head cluster.
    • For each server configuration you want to replicate: Under the Actions column, click Manage, then click Edit Server. Do not make any changes to the configuration. Then click Save.
    • For each audit input you want to replicate: First complete the replication step for its corresponding server configuration. Then, under Manage, select Edit Server. Do not make any changes to the configuration. Then click Save.

Changes your admin makes to the IP allow list in Splunk Cloud Platform can affect the integration with Splunk App for SOAR. If your admin makes changes to the IP allow list, test Splunk App for SOAR to make sure it works as expected.

Last modified on 09 December, 2022

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.38, 1.0.41, 1.0.57
