Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Prepare your Splunk SOAR (On-premises) deployment for upgrade

Before you upgrade , you will need to prepare your instance or your cluster nodes by updating the operating system and any installed installed packages.

The installation TAR file used for upgrades contains all the required dependencies for .

Update the operating system and installed packages

Follow these steps to update the operating system and otherwise prepare your deployment for the upgrade.

For a clustered deployment, prepare cluster nodes in a rolling fashion, one cluster node at a time.

  1. Log in to the instance's operating system.
    1. For unprivileged deployments, log in as the user account that runs .
  2. If you use a warm standby or use ibackup.pyc for backups, you must disable those features before proceeding. If you are not using either of those features, you may skip these sub-steps.
    1. On a single instance deployment of , disable warm standby. See Upgrade or maintain warm standby instances in Administer .
    2. If you are using automation to run ibackup.pyc to make backups, cancel backups that could run during your upgrade window. For example, if you have configured a cron job to run ibackup.pyc, disable that cron job.
  3. Stop all services. For example:
    /<$PHANTOM_HOME>/bin/stop_phantom.sh
  4. Clear the YUM caches. As the root user:
    yum clean all
  5. Update the installed software packages and apply operating system patches. As the root user:
    yum update
  6. Restart the operating system. As the root user:
    reboot
  7. After the system restarts, log in to the operating system as either the root user or a user with sudo privileges.
  8. The install script requires the ability to create jobs in cron. See System requirements for production use. Check that the cron daemon is running.
    ps -ef | grep crond
    1. If the cron daemon is not running, start it.
      systemctl start crond.service
Last modified on 20 December, 2023
Upgrade path for Splunk SOAR (On-premises) unprivileged installations   Convert a privileged deployment to an unprivileged deployment

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters