Skip to main content
Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)

Splunk® SOAR (On-premises)
6.2.1
As of version 6.4.0, the visual editor for classic playbooks is no longer part of Splunk SOAR. Before upgrading, convert your classic playbooks to modern mode. Your classic playbooks will continue to run and you can view and edit them in the SOAR Python code editor.
For details, see:
This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.

Migrate a Splunk SOAR (On-premises) install from RHEL 7 or CentOS 7 to RHEL 8

Support for Red Hat Enterprise Linux 8 (RHEL) was added with the release of Splunk SOAR (On-premises) version 5.5.0. This topic provides a high-level overview of the process for migrating your Splunk SOAR (On-premises) host's operating system to RHEL 8.

This article focuses on the current Splunk SOAR (On-premises) release. You can upgrade to any Splunk SOAR (On-premises) release 5.5.0 or higher.

Before you begin

Before you migrate your Splunk SOAR (On-premises) deployment from RHEL 7 or CentOS 7 to RHEL 8, make a full backup of of your Splunk SOAR (On-premises) current release deployment. See Splunk SOAR (On-premises) backup and restore overview.

It is safe to restore a RHEL 7 Splunk SOAR (On-premises) backup on RHEL 8.

Now migrate your operating system using one of these methods:

Upgrade the Splunk SOAR (On-premises) host operating system in place

This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment in place.

Operating system migrations paths:

  • RHEL 7 upgrade to RHEL 8
  • CentOS 7 convert to RHEL 7, then upgrade to RHEL 8

Convert CentOS 7 to RHEL 7

Before your CentOS 7 operating system can be upgraded to RHEL 8, you must convert it to RHEL 7.

Follow Red Hat's instructions for converting CentOS 7 to RHEL 7. See Converting CentOS Linux to Red Hat Enterprise Linux on the Red Hat site.

Upgrade from RHEL 7 to RHEL 8

Follow Red Hat's instructions for upgrading RHEL 7 to RHEL 8. See the Upgrading from RHEL 7 to RHEL 8 on the Red Hat site.

Upgrade to the latest version of Splunk SOAR (On-premises)

Once you have upgraded the operating system on your Splunk SOAR (On-premises) deployment in place, upgrade Splunk SOAR (On-premises) to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.

Upgrade the Splunk SOAR (On-premises) host operating system for a cluster in place

This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment for clusters in place. Before you begin, ensure that all cluster nodes are using a Splunk SOAR (On-premises) version 5.5.0 or higher.

  1. Upgrade the cluster nodes, one at a time.

    If you are upgrading from CentOS 7, deactivate cron jobs for the duration of the upgrade.

  2. Upgrade Splunk SOAR (On-premises) to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.

Upgrade the Splunk SOAR (On-premises) to a new RHEL 8 host by using backup and restore

This method involves creating a new RHEL 8 system for your Splunk SOAR (On-premises) and restoring your existing Splunk SOAR (On-premises) to the new host.

Operating system migrations paths:

  • RHEL 7 upgrade to RHEL 8
  • CentOS 7 to RHEL 8

Do the following tasks.

  1. Delete all libssl* and libcrypto* files from the directory <$PHANTOM_HOME>/usr/lib64. 
    cd /opt/phantom/usr/lib64
rm libssl*
rm libcrypto*
    These libraries are provided by the operating system in RHEL 8. Deleting the copies in the SOAR distribution prevents conflicts, making the original RHEL 7 installation RHEL 8 compatible.
  2. If you have not already done so, upgrade your current Splunk SOAR (On-premises) deployment to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
  3. After your upgrade to Splunk SOAR (On-premises) the current release is complete, make a full backup of of your Splunk SOAR (On-premises) current release deployment. See Back up a Splunk SOAR (On-premises) deployment.
  4. Create a new instance of the current Splunk SOAR (On-premises) where the operating system is RHEL 8. See
  5. Use the backup created earlier to restore the original deployment to the new deployment. See Restore Splunk SOAR (On-premises) from a backup.
Last modified on 20 June, 2024
Upgrade a Splunk SOAR (On-premises) cluster   Migrate from Splunk SOAR (On-premises) to Splunk SOAR (Cloud)

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.3.0, 6.3.1

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters