Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run. However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Upgrade path for Splunk SOAR (On-premises) privileged installations

Splunk Phantom must be upgraded incrementally from release to release until Splunk Phantom release 4.10.7. Splunk Phantom 4.10.7 and Splunk SOAR (On-premises) release 5.0.1 through release 5.3.4 can be upgraded to release 5.3.6. After upgrading to Splunk SOAR (On-premises) release 5.3.6, it is possible to upgrade directly to release 6.2.0. See the table later in this topic for more details.

Splunk SOAR (On-premises) release 5.3.5 can be upgraded directly to release 6.2.0. See the table later in this topic for more details.

A list of important or breaking changes and the versions where those changes occur is in Splunk SOAR (On-premises) upgrade overview and prerequisites. Review that list before upgrading.

Upgrade path table

In the following table, find your currently installed Splunk Phantom or Splunk SOAR (On-premises) release to see your complete upgrade path.

For example, if you are using Splunk Phantom release 4.6 and want to upgrade to Splunk SOAR 6.2.0, you must upgrade Splunk Phantom to release 4.8.24304, then to release 4.9.39220, then to release 4.10.7.63984, then to Splunk SOAR release 5.3.6. After that, convert your privileged deployment to unprivileged, and finally upgrade to Splunk SOAR release 6.2.0.

Columns: Starting version | Path to current version | Notes
4.6.19142
  1. Upgrade to 4.8.24304
  2. Upgrade to 4.9.39220
  3. Upgrade to 4.10.7
  4. Upgrade to 5.3.6
  5. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 4.8.24304
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 4.9.39220
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  3. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  4. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  5. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
4.8.24304
  1. Upgrade to 4.9.39220
  2. Upgrade to 4.10.7
  3. Upgrade to 5.3.6
  4. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 4.9.39220
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  3. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  4. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
4.9.39220
  1. Upgrade to 4.10.7
  2. Upgrade to 5.3.6
  3. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  3. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
4.10.0 - 4.10.6
  1. Upgrade to 4.10.7
  2. Upgrade to 5.3.6
  3. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  3. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
4.10.7
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.0.1
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.1.0
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.2.1
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.3.0
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.3.1
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.3.2
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.3.3
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.3.4
  1. Upgrade to 5.3.6
  2. Convert to unprivileged, then upgrade to 6.2.0
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Upgrade to 6.2.0
    1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
    2. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    3. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster
5.3.5
  1. Convert to unprivileged, then upgrade to 6.2.0
  1. Convert 5.3.5 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  2. Upgrade to 6.2.0
    1. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) cluster

Do not upgrade release 5.3.5 to release 5.3.6. If your Splunk SOAR (On-premises) deployment is release 5.3.5, convert to unprivileged and upgrade directly to 6.2.0.

5.3.6
  1. Convert to unprivileged, then upgrade to 6.2.0
  1. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  2. Upgrade to 6.2.0
    1. Single instance upgrade to 6.2.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.0 Upgrade an unprivileged Splunk SOAR (On-premises) cluster
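
The table's rules expressed as a pre-flight check, as an added example that is not Splunk code: it returns the ordered steps for a listed starting release and refuses any release the table does not list. The names plan_upgrade, PHANTOM_HOPS and LISTED are hypothetical.

```python
# Added example (not Splunk code): plan the upgrade path for a privileged
# install using only the rules in the table above. Names are hypothetical.

# Phantom hops that cannot be skipped: (release as a tuple, label in the table).
PHANTOM_HOPS = [((4, 8, 0), "4.8.24304"), ((4, 9, 0), "4.9.39220"),
                ((4, 10, 7), "4.10.7")]

# Starting releases the table lists. Anything else is refused, not guessed.
LISTED = ({(4, 6, 0), (4, 8, 0), (4, 9, 0), (5, 0, 1), (5, 1, 0), (5, 2, 1)}
          | {(4, 10, p) for p in range(8)}    # 4.10.0 - 4.10.7
          | {(5, 3, p) for p in range(7)})    # 5.3.0 - 5.3.6


def plan_upgrade(installed):
    """Return the ordered steps from `installed` to 6.2.0."""
    parts = [int(p) for p in installed.strip().split(".")]
    if len(parts) < 2:
        raise ValueError(f"need at least major.minor, got {installed!r}")
    major, minor = parts[0], parts[1]
    # 4.6/4.8/4.9 appear as major.minor.build, so the third field is a build
    # number there; from 4.10 on it is the patch level (4.10.7.63984 -> 7).
    patch = parts[2] if len(parts) > 2 and (major, minor) >= (4, 10) else 0
    key = (major, minor, patch)
    if key not in LISTED:
        raise ValueError(f"{installed} is not a starting version in the table")

    steps = [f"Upgrade to {label}" for hop, label in PHANTOM_HOPS if key < hop]
    # 5.3.5 must not go to 5.3.6; it converts and upgrades directly.
    if key < (5, 3, 5):
        steps.append("Upgrade to 5.3.6")
    base = "5.3.5" if key == (5, 3, 5) else "5.3.6"
    steps.append(f"Convert {base} to unprivileged")
    steps.append("Upgrade to 6.2.0")
    return steps


if __name__ == "__main__":
    for v in ("4.6.19142", "4.10.3", "5.2.1", "5.3.5"):
        print(v, "->", "; ".join(plan_upgrade(v)))
```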


Last modified on 04 January, 2024

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.5.0
