The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk
® SOAR (On-premises).
For documentation on the most recent version, go to
the latest release.
Upgrade path for Splunk SOAR (On-premises) privileged installations
Splunk Phantom must be upgraded incrementally from release to release until Splunk Phantom release 4.10.7. Splunk Phantom 4.10.7 and Splunk SOAR (On-premises) release 5.0.1 through release 5.3.4 can be upgraded to release 5.3.6. After upgrading to Splunk SOAR (On-premises) release 5.3.6, it is possible to upgrade directly to release 6.2.0. See the table later for more details.
Splunk SOAR (On-premises) release 5.3.5 can be upgraded directly release 6.2.0. See the table later for more details.
A list of important or breaking changes and the versions where those changes occur is in Splunk SOAR (On-premises) upgrade overview and prerequisites. Review that list before upgrading.
Upgrade path table
Look on the following table to find your currently installed Splunk Phantom or Splunk SOAR (On-premises) release to see your complete upgrade path.
For example, if you are using Splunk Phantom release 4.6 and want to upgrade to Splunk SOAR 6.2.0, you must upgrade your Splunk Phantom to release 4.8.24304, then release 4.9.39220, then release 4.10.7.63984, then to Splunk SOAR release 5.3.6, then converting your privileged deployment to unprivileged, then finally upgrading to Splunk SOAR release 6.2.0.
Starting version
|
Path to current version
|
Notes
|
4.6.19142
|
- Upgrade to 4.8.24304
- Upgrade to 4.9.39220
- Upgrade to 4.10.7
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 4.8.24304
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 4.9.39220
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 4.10.7
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
4.8.24304
|
- Upgrade to 4.9.39220
- Upgrade to 4.10.7
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 4.9.39220
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 4.10.7
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
4.9.39220
|
- Upgrade to 4.10.7
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 4.10.7
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
4.10.0 - 4.10.6
|
- Upgrade to 4.10.7
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 4.10.7
- Standalone upgrade Upgrade a standalone Splunk Phantom instance
- Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
- Cluster upgrade Upgrade a Splunk Phantom cluster
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
4.10.7
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.0.1
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.1.0
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.2.1
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.3.0
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.3.1
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.3.2
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.3.3
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.3.4
|
- Upgrade to 5.3.6
- Convert to unprivileged, then upgrade to 6.2.0
|
- Upgrade to 5.3.6
- Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
- Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
- Upgrade to 6.2.0
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
|
5.3.5
|
- Convert to unprivileged, then upgrade to 6.2.0
|
- Convert 5.3.5 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Upgrade to 6.2.0
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
Do not upgrade release 5.3.5 to release 5.3.6. If your Splunk SOAR (On-premises) deployment is release 5.3.5, convert to unprivileged and upgrade directly to 6.2.0.
|
5.3.6
|
- Convert to unprivileged, then upgrade to 6.2.0
|
- Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
- Upgrade to 6.2.0
- Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
- Cluster upgrade to 6.2.0 Upgrade an unprivileged Splunk SOAR (On-premises) cluster
Do not upgrade release 5.3.5 to release 5.3.6. If your Splunk SOAR (On-premises) deployment is release 5.3.5, convert to unprivileged and upgrade directly to 6.2.0.
|
Feedback submitted, thanks!