Splunk® Enterprise

Installation Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Upgrade to 4.3 on UNIX

This topic describes the procedure for upgrading your Splunk instance from version 4.0.x or later to 4.3.

Before you upgrade

Make sure you've read this information before proceeding, as well as the following:

Back your files up

Before you perform the upgrade, we strongly recommend that you back up all of your files, including Splunk configurations, indexed data, and binaries. Splunk does not provide a means of downgrading to previous versions; if you need to revert to an older Splunk release, just reinstall it.

For information on backing up data, read "Back up indexed data".

For information on backing up configurations, read "Back up configuration information".

How upgrading works

After performing the installation of the new version, your configuration changes are not actually made until you start Splunk. You can run the migration preview utility at that time to see what will be changed before the files are updated. If you choose to view the changes before proceeding, a file containing the changes that the upgrade script proposes to make is written to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

Steps for upgrading

1. Execute the $SPLUNK_HOME/bin/splunk stop command.

Important: Make sure no other processes will start Splunk automatically (such as Solaris SMF).

2. To upgrade and migrate from version 4.0 and later, install the Splunk package over your existing Splunk deployment:

  • If you are using a .tar file, expand it into the same directory with the same ownership as your existing Splunk instance. This overwrites and replaces matching files but does not remove unique files.
    Note: AIX tar will fail to correctly overwrite files when run as a user other than root. Use GNU tar (gtar) to avoid this problem.
  • If you are using a package manager, such as RPM, type rpm -U [--prefix <existing Splunk location>] splunk_package_name.rpm
  • If you are using a .dmg file (on Mac OS X), double-click it and follow the instructions. Be sure specify the same installation directory as your existing installation.

3. Execute the $SPLUNK_HOME/bin/splunk start command.

The following output is displayed:

This appears to be an upgrade of Splunk.
Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk's installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a .deprecated extension.
You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:
If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose 'y'.
If you want to see what changes will be made before you proceed with the
upgrade, choose 'n'.
Perform migration and upgrade without previewing configuration changes? [y/n]

4. Choose whether you want to run the migration preview script to see what changes will be made to your existing configuration files, or proceed with the migration and upgrade right away.

5. If you choose to view the expected changes, the script provides a list.

6. Once you've reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

Note: You can complete Steps 3 to 5 in one line:

To accept the license and view the expected changes (answer 'n') before continuing the upgrade:

$SPLUNK_HOME/bin/splunk start --accept-license --answer-no

To accept the license and begin the upgrade without viewing the changes (answer 'y'):

$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
Upgrade from 3.x to 4.3
Upgrade to 4.3 on Windows

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters