Splunk® App for SOAR Export

Use the Splunk App for SOAR Export to Forward Events

This documentation does not apply to the most recent version of Splunk® App for SOAR Export. For documentation on the most recent version, go to the latest release.

Upgrade the Splunk App for SOAR Export on Splunk Enterprise

Upgrade the Splunk App for SOAR Export to ensure that you can use the full functionality of the add-on.

Considerations before upgrading the Splunk App for SOAR Export

Read the following important information before upgrading the Splunk App for SOAR Export:

  • Downgrading from release 2.6.22 or higher of the Splunk App for SOAR Export to release 2.5.23 or lower is not supported.
  • When upgrading to this release of the Splunk App for SOAR Export from release 2.5.23 or earlier, it is recommended to upgrade to each intermediate version so that Splunk Phantom server configurations are properly converted and updated to newer formats. For example, to upgrade from release 2.5.23 to release 3.0.5, first upgrade to release 2.6.22 or 2.7.5, and then upgrade to release 3.0.5. Releases 2.6.22 and 2.7.5 both have the same server configuration, so you only need to upgrade to one of them.
  • Before upgrading the Splunk App for SOAR Export, backup your files from the command line by copying the complete directory $SPLUNK_HOME/etc/apps/phantom to another location that's not under $SPLUNK_HOME/etc/apps.

Steps to upgrade the Splunk App for SOAR Export

To upgrade the Splunk App for SOAR Export, follow these steps:

  1. Download the latest version of the Splunk App for SOAR Export from Splunkbase.
  2. Go to your Splunk Enterprise instance.
  3. In the apps panel, click the gear icon.
  4. Click Install app from file.
  5. Upload the Splunk App for SOAR Export file.
  6. Check the box to upgrade the add-on. Checking this box overwrites the add-on if it already exists.

Your Splunk Enterprise instance restarts to complete the upgrade.

Re-enter the credentials for alert action configurations

You must re-enter the credentials for alert action configurations after upgrading to this release of the Splunk App for SOAR Export.

  1. Navigate to the Splunk App for SOAR Export.
  2. Click on the Configurations tab.
  3. Click and expand the Alert Action Configuration section.
  4. Select Manage > Edit.
  5. Enter the password for this configuration
  6. Click "Save'.
Last modified on 25 August, 2022
Install the Splunk App for SOAR Export on Splunk Enterprise   Perform and check prerequisites for Splunk App for SOAR Export on Splunk Cloud Platform

This documentation applies to the following versions of Splunk® App for SOAR Export: 4.1.117

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters