After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Upgrade a single instance on a system with limited internet access
It is now possible to upgrade directly to later releases of Splunk SOAR (On-premises).
Privileged deployments upgrade directly to Splunk SOAR (On-premises) release 5.3.6, convert to unprivileged, then immediately upgrade to Splunk SOAR (On-premises) release 6.1.1.
Unprivileged deployments upgrade directly to Splunk SOAR (On-premises) release 6.1.1
See Splunk SOAR (On-premises) upgrade overview and prerequisites for more information.
Some deployments of have deliberately limited access to the internet, making it difficult to upgrade using RPM packages. TAR file distributions of are available to upgrade these offline deployments.
To upgrade an offline deployment:
- Get the upgrade TAR file. See repositories and signing keys packages.
- Update the operating system and dependencies. See Prepare your deployment for upgrade.
- Upgrade from the tar file.
Upgrade from the tar file
- Make sure you have read and done the steps from upgrade overview and prerequisites.
- Log in to the instance's operating system as either the root user or a user with sudo privileges.
- Make a directory for the tar file. mkdir /usr/local/src/upgrade-<version>
- Change to the directory you just created. cd /usr/local/src/upgrade-<version>
- Download or copy the tar file to the directory.
- Extract the TAR file. tar -xvzf phantom_offline_setup_<OS>-<version>.tgz
- Change to the directory phantom_offline_setup, which was created by extracting the TAR file:cd phantom_offline_setup_<OS>-<version>
- Run the installation script with the
nohup
command. Usingnohup
helps you avoid issues in case the SSH session times out, such as upgrade failure or system wipe and rebuild.nohup phantom_offline_setup_<OS>.sh upgrade --no-prompt --without-apps > soar_upgrade_1.out 2> soar_upgrade_2.out 3> soar_upgrade_3.out &To upgrade all the installed apps during the platform upgrade:nohup phantom_offline_setup_<OS>.sh --no-prompt upgrade> soar_upgrade_1.out 2> soar_upgrade_2.out 3> soar_upgrade_3.out &Output from the command is redirected to the files soar_upgrade_1.out, soar_upgrade_2.out, and soar_upgrade_3.out.Because upgraded apps may require changes to their asset configuration, apps should be individually evaluated and upgraded using Main Menu > Apps, then clicking the APP UPDATES button.
- If the upgrade script produced the following message: Then run the command:
To improve database performance, after completing the upgrade, run: su - postgres -c '/usr/pgsql-11/bin/vacuumdb -h /tmp --all --analyze-in-stages'
su - postgres -c '/usr/pgsql-11/bin/vacuumdb -h /tmp --all --analyze-in-stages'
- Validate the upgrade by logging in to the web interface.
- Once your deployment has been upgraded, reindex playbook data. From Main Menu > Administration > Administration Settings > Search Settings, select "playbooks from the drop-down menu, then click the Reindex Search Data button.
Upgrade a single instance | Upgrade a single unprivileged instance |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1
Feedback submitted, thanks!