Splunk® Enterprise

Installation Manual


Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk.

Upgrade to 4.3 on Windows

This topic describes the procedure for upgrading your Windows Splunk instance from version 4.0.x or later to 4.3. You can upgrade using the GUI installer, or by running the msiexec utility on the command line as described in "Install on Windows via the command line".

Before you upgrade

Make sure you've read this information before proceeding, as well as the following:

Make sure you specify the same domain user

When upgrading, you must explicitly specify the same domain user that you specified during the first-time installation. If you do not specify the same user, Splunk will default to using the Local System user. If you accidentally specify the wrong user during your installation, use these instructions to switch to the correct user before starting Splunk.

Don't change the ports

Changing the management port and/or the HTTP port when upgrading is not supported.

Back your files up

Before you perform the upgrade, we strongly recommend that you back up all of your files, including Splunk configurations, indexed data and binaries. Splunk does not provide a means of downgrading to previous versions; if you need to revert to an older Splunk release, just reinstall it.

For information on backing up data, read "Back up indexed data".

For information on backing up configurations, read "Back up configuration information".

Note: When you upgrade to Splunk 4.3 on Windows, the installer will overwrite any custom certificate authority (CA) certificates you have created in %SPLUNK_HOME%\etc\auth. If you have custom CA files, make sure to back them up before you upgrade. After the upgrade, you can copy them back into %SPLUNK_HOME%\etc\auth to restore them. After you have restored the certificates, restart Splunk.
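The backup-and-restore step in the note above can be scripted so that you also see exactly which files the installer replaced. The following PowerShell script is an added example, not part of the original Splunk documentation; the backup location C:\SplunkUpgradeBackup and the fallback install path are assumptions, and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example: back up %SPLUNK_HOME%\etc\auth with a SHA-256 manifest before
# the upgrade, then report which files the installer changed afterwards.
# Assumption: C:\SplunkUpgradeBackup is a hypothetical backup location.
param(
    [ValidateSet('Backup', 'Compare')]
    [string]$Mode = 'Backup',
    [string]$SplunkHome = $(if ($env:SPLUNK_HOME) { $env:SPLUNK_HOME } else { "$env:SystemDrive\Program Files\Splunk" }),
    [string]$BackupRoot = 'C:\SplunkUpgradeBackup'
)
$ErrorActionPreference = 'Stop'
$authDir  = Join-Path $SplunkHome 'etc\auth'
$copyDir  = Join-Path $BackupRoot 'auth'
$manifest = Join-Path $BackupRoot 'auth-manifest.csv'

function Get-AuthHashes([string]$Root) {
    # Emit the relative path and SHA-256 hash of every file under $Root.
    $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($rootFull.Length + 1)
            Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

if ($Mode -eq 'Backup') {
    # Run before the upgrade, after Splunk has been stopped.
    if (Test-Path -LiteralPath $copyDir) { throw "Backup already exists at $copyDir; refusing to overwrite it." }
    New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
    Copy-Item -LiteralPath $authDir -Destination $copyDir -Recurse
    Get-AuthHashes $authDir | Export-Csv -LiteralPath $manifest -NoTypeInformation
    "Backed up $authDir to $copyDir"
} else {
    # Run after the upgrade: compare the live directory against the manifest.
    $before = @{}
    Import-Csv -LiteralPath $manifest | ForEach-Object { $before[$_.RelativePath] = $_.Sha256 }
    $after = @{}
    Get-AuthHashes $authDir | ForEach-Object { $after[$_.RelativePath] = $_.Sha256 }
    foreach ($path in $before.Keys) {
        if (-not $after.ContainsKey($path))       { "MISSING  $path" }
        elseif ($after[$path] -ne $before[$path]) { "CHANGED  $path (restore from $copyDir)" }
    }
    foreach ($path in $after.Keys) {
        if (-not $before.ContainsKey($path)) { "NEW      $path" }
    }
}
```

Run it with -Mode Backup before the upgrade and -Mode Compare afterwards, then copy back only the files reported as CHANGED or MISSING and restart Splunk. The backup copy contains private key material, so restrict access to the backup folder to administrators.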

Upgrade using the GUI installer

1. Stop Splunk by either using the Services control panel or executing the %SPLUNK_HOME%\bin\splunk stop command.

2. Download the new MSI file from the Splunk download page.

3. Double-click the MSI file. The Welcome panel is displayed. Follow the on-screen instructions to upgrade Splunk. For information about each panel, refer to the installation instructions.

4. Splunk will start up by default when you complete the installation.

A log of the changes made to your configuration files during the upgrade is placed in %TEMP%.

Upgrade using the command line

1. Stop Splunk either by using the Services control panel or executing the %SPLUNK_HOME%\bin\splunk stop command.

2. Download the new MSI file from the Splunk download page.

3. Use the instructions in "Install on Windows via the command line".

  • If Splunk is running as a user other than the Local System user, you must explicitly specify this user in your command-line instruction.
  • You can use the LAUNCHSPLUNK option to specify whether Splunk should start up automatically or not when you're finished, but you cannot change any other settings.
  • DO NOT change the ports (SPLUNKD_PORT and WEB_PORT) at this time.

4. Depending on your specification, Splunk may start automatically when you complete the installation.

A log of the changes made to your configuration files during the upgrade is placed in %TEMP%.

Start Splunk

On Windows, Splunk is installed by default into %SYSTEMDRIVE%\Program Files\Splunk and is started by default.

You can start and stop the following Splunk processes via the Windows Services control panel:

  • Server process: splunkd
  • Web interface process: splunkweb

You can also start, stop, and restart both processes at once by going to %SYSTEMDRIVE%\Program Files\Splunk\bin and typing:

# splunk [start|stop|restart]

Migrate searches for local performance monitoring metrics in the Windows app

The Windows app currently does not make use of the Windows performance monitor collection features available in Splunk 4.3. While the app does work, and is supported, by default it will continue to gather local performance metrics using WMI-based inputs.

If you're using the Windows app, and want to use the new features, or you're using a universal forwarder to send data with the default performance monitoring data collections to an instance that's running the app, then you'll need to update the searches within the app, based on your defined performance monitoring collections.

You can follow the Windows app on Splunkbase for future updates.


This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7
