Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)

The classic playbook editor will be deprecated in early 2025. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Upgrade path for Splunk SOAR (On-premises) privileged installations

This table is designed to show you the stages of upgrading a privileged deployment of Splunk Phantom or Splunk SOAR (On-premises) to the most recent release.

  • Splunk Phantom must be upgraded incrementally from release to release.
  • Splunk SOAR (On-premises) release 5.0.1 through release 5.3.4 can be upgraded directly to release 5.3.6.
  • Splunk SOAR (On-premises) release 5.3.5 and 5.3.6 can be converted to unprivileged.
  • After upgrading to Splunk SOAR (On-premises) release 5.3.5 or 5.3.6 and converting to an unprivileged deployment, it is possible to skip intermediate releases between 5.3.5 and 6.2.1.
  • Clustered Splunk SOAR (On-premises) deployments, or deployments with an external PostgreSQL 11.x database must upgrade PostgreSQL from release 11.x to release 15.x before upgrading Splunk SOAR (On-premises) release 6.2.1 to higher releases. Non-clustered deployments, or deployments using a local PostgreSQL database can upgrade directly to Splunk SOAR (On-premises) release 6.2.2 or higher after converting to unprivileged.
  • Deployments running on CentOS 7 operating systems must migrate to a supported operating system before they can upgrade beyond release 6.3.0.

A list of important or breaking changes and the versions where those changes occur is in Splunk SOAR (On-premises) upgrade overview and prerequisites. Review that list before upgrading.

Upgrade path table

Look on the following table to find your currently installed Splunk Phantom or Splunk SOAR (On-premises) release to see your complete upgrade path.

Starting version Path to current version Notes
4.6.19142
  1. Upgrade to 4.8.24304
  2. Upgrade to 4.9.39220
  3. Upgrade to 4.10.7
  4. Upgrade to 5.3.6
  5. Convert to unprivileged.
  6. Upgrade to 6.2.1
  7. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  8. Upgrade to 6.3.0
  9. (Conditional) If needed, migrate to a supported operating system.
  10. Upgrade to 6.3.1
  1. Upgrade to 4.8.24304
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 4.9.39220
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  3. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  4. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  5. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  6. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  7. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  8. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  9. (Conditional) If needed, migrate to a supported operating system.
  10. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
4.8.24304
  1. Upgrade to 4.9.39220
  2. Upgrade to 4.10.7
  3. Upgrade to 5.3.6
  4. Convert to unprivileged.
  5. Upgrade to 6.2.1
  6. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  7. Upgrade to 6.3.0
  8. (Conditional) If needed, migrate to a supported operating system.
  9. Upgrade to 6.3.1
  1. Upgrade to 4.9.39220
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  3. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  4. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  5. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  7. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  8. (Conditional) If needed, migrate to a supported operating system.
  9. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
4.9.39220
  1. Upgrade to 4.10.7
  2. Upgrade to 5.3.6
  3. Convert to unprivileged.
  4. Upgrade to 6.2.1
  5. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  6. Upgrade to 6.3.0
  7. (Conditional) If needed, migrate to a supported operating system.
  8. Upgrade to 6.3.1
  1. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  3. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  4. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  5. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  6. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  7. (Conditional) If needed, migrate to a supported operating system.
  8. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
4.10.0 - 4.10.7
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  3. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  4. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  5. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  6. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  7. (Conditional) If needed, migrate to a supported operating system.
  8. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
4.10.7
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade 6.3.1
  1. Upgrade to 4.10.7
    1. Standalone upgrade Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  3. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  4. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  5. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  6. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  7. (Conditional) If needed, migrate to a supported operating system.
  8. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.0.1
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.1.0
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.2.1
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.3.0
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.3.1
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.3.2
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.3.3
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.3.4
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Upgrade to 6.2.1
  4. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  5. Upgrade to 6.3.0
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
  1. Upgrade to 5.3.6
    1. Single instance upgrade Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment
  3. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  5. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  6. (Conditional) If needed, migrate to a supported operating system.
  7. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster
5.3.5
  1. Convert to unprivileged.
  2. Upgrade to 6.2.1
  3. (Conditional) If you have a clustered deployment, or an external PostgreSQL 11.x database, upgrade your external PostgreSQL 11.x database to PostgreSQL 15.x.
  4. Upgrade to 6.3.0
  5. (Conditional) If needed, migrate to a supported operating system.
  6. Upgrade to 6.3.1
  1. Upgrade to 6.2.1
    1. Single instance upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.2.1 Upgrade a Splunk SOAR (On-premises) cluster
  2. (Conditional) Clustered deployments or deployments with an external PostgreSQL 11.x database, upgrade PostgreSQL to 15.x
    1. Upgrading a PostgreSQL Cluster on PostgreSQL.org
  3. Upgrade to 6.3.0
    1. Single instance upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.0 Upgrade a Splunk SOAR (On-premises) cluster
  4. (Conditional) If needed, migrate to a supported operating system.
  5. Upgrade to 6.3.1
    1. Single instance upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) instance
    2. Cluster upgrade to 6.3.1 Upgrade a Splunk SOAR (On-premises) cluster

Examples

Example 1: Upgrading a clustered deployment from Splunk Phantom release 4.6 to Splunk SOAR 6.3.1:

  1. Upgrade your Splunk Phantom cluster nodes to release 4.8.24304
  2. Upgrade your Splunk Phantom cluster nodes to release 4.9.39220
  3. Upgrade your Splunk Phantom cluster nodes to release 4.10.7.63984
  4. Upgrade you Splunk Phantom cluster nodes to Splunk SOAR (On-premises) release 5.3.6
  5. Convert your privileged clustered deployment to unprivileged
  6. Upgrade your Splunk SOAR (On-premises) cluster nodes to Splunk SOAR (On-premises) release 6.2.1
  7. Upgrade the external PostgreSQL database from release 11.x to release 15.x
  8. Upgrade Splunk SOAR (On-premises) to release 6.3.0
  9. If you are running Splunk SOAR (On-premises) on CentOS 7, migrate your operating system to a supported operating system.
  10. Upgrade Splunk SOAR (On-premises) to release 6.3.1

Example 2: Upgrading from single instance deployment of Splunk Phantom release 4.6 to Splunk SOAR 6.3.1:

  1. Upgrade Splunk Phantom to release 4.8.24304
  2. Upgrade Splunk Phantom to release 4.9.39220
  3. Upgrade Splunk Phantom to release 4.10.7.63984
  4. Upgrade Splunk Phantom to release Splunk SOAR (On-premises) release 5.3.6
  5. Convert your privileged clustered deployment to unprivileged
  6. Upgrade Splunk SOAR (On-premises) to release 6.2.1
  7. Upgrade Splunk SOAR (On-premises) to release 6.3.0
  8. If you are running Splunk SOAR (On-premises) on CentOS 7, migrate your operating system to a supported operating system.
  9. Upgrade Splunk SOAR (On-premises) to release 6.3.1
Last modified on 14 November, 2024
Splunk SOAR (On-premises) upgrade overview and prerequisites   Upgrade path for Splunk SOAR (On-premises) unprivileged installations

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters