How to upgrade Splunk
This topic discusses how to upgrade Splunk and its components from one version to another.
In many cases, you upgrade Splunk by installing the latest package over your existing installation. On Windows systems, the installer package detects when you have a version installed and offers to upgrade it for you.
Note: When upgrading Splunk, be sure to upgrade it using an administrative level account.
What's new and awesome in 5.0?
Read "Meet Splunk 5.0" in the Release Notes for a full list of the new features we've delivered in 5.0.
Review the known issues in the Release Notes for a list of issues and workarounds in this release.
Always back up your existing deployment first
Get into the habit of backing up your existing deployment before any upgrade or migration.
You can manage your risk by using technology that allows you to restore your Splunk install and data to a state prior to the upgrade, whether you use external backups, disk or file system snapshots, or other means. When backing up your Splunk data, consider the $SPLUNK_HOME directory, as well as any indexes outside of it.
For more information about backing up your Splunk deployment, read the topics "Back up configuration information" in the Admin Manual and "Back up indexed data" in the Managing Indexers and Clusters Manual.
Then, read about important migration information before upgrading
Important: Before upgrading, be sure to read "About upgrading to 5.0: READ THIS FIRST" for specific migration tips and information that might affect you.
Upgrade from 4.2 and later
Splunk supports a direct upgrade from versions 4.2 and later to version 5.0.
If you're upgrading from 4.3.x or later, read the rest of this topic first before proceeding with the installation instructions linked below.
If you're upgrading from 4.2.x to 5.0, Splunk recommends that you also review the 4.3.x version of the topic you're reading now as well as this version before proceeding with the installation instructions:
Upgrade from 4.1 and earlier
Upgrading directly to 5.0 from versions older than 4.2 is not officially supported. If you are running a version of Splunk earlier than 4.2, then you should upgrade to 4.2 first before attempting an upgrade to 5.0. Read "About upgrading to 4.2 READ THIS FIRST" for specific details on how to upgrade to version 4.2.
Upgrade distributed deployments
If you're planning to upgrade your distributed Splunk environment, be sure to read "Upgrade your distributed environment" in the Distributed Deployment Manual for guidance on how to do so with minimal impact.
Upgrade universal forwarders
Upgrading universal forwarders is a different process than upgrading full Splunk. Before upgrading your universal forwarders, be sure to read the appropriate upgrade topic for your operating system:
To learn about interoperability and compatibility between indexers and universal forwarders, read "Indexer and universal forwarder compatibility" in the "Deployment Overview" topic of the Distributed Deployment Manual.
Install a license
About upgrading to 5.0 READ THIS FIRST
This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18