Splunk® Enterprise

Installation Manual

Acrobat logo Download manual as PDF

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Upgrade to 7.2 on UNIX

Before you upgrade

Before you upgrade, see About upgrading to 7.2: READ THIS FIRST for information on changes in the new version that can impact you if you upgrade from an existing version.

Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.

Back your files up

Before you perform the upgrade, back up all of your files, including Splunk Enterprise configurations, indexed data, and binaries.

For information on backing up data, see Back up indexed data in the Managing Indexers and Clusters Manual.

For information on backing up configurations, see Back up configuration information in the Admin Manual.

How upgrading works

To upgrade a Splunk Enterprise installation, you must install the new version directly on top of the old version (into the same installation directory.) When Splunk Enterprise starts after an upgrade, it detects that the files have changed and asks whether or not you want to preview the migration changes before it performs the upgrade.

If you choose to view the changes before proceeding, the upgrade script writes the proposed changes to the $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp> file.

Splunk Enterprise does not change your configuration until after you restart it.

Upgrade Splunk Enterprise

  1. Open a shell prompt on the machine that has the instance that you want to upgrade.
  2. Verify the folder where Splunk Enterprise is installed, and change to the $SPLUNK_HOME/bin directory.
  3. Run the $SPLUNK_HOME/bin/splunk stop command to stop the instance.
  4. Confirm that no other processes can automatically start Splunk Enterprise.
  5. To upgrade and migrate, install the Splunk Enterprise package directly over your existing deployment.
    • If you use a .tar file, expand it into the same directory with the same ownership as your existing Splunk Enterprise instance. This overwrites and replaces matching files but does not remove unique files. tar xzf splunk-7.x.x-<version-info>.tgz -C /splunk/parent/directory
    • If you use a package manager, such as RPM, type rpm -U splunk_package_name.rpm
    • If you use a .dmg file on Mac OS X, double-click it and follow the instructions. Specify the same installation directory as your existing installation.
  6. Run the $SPLUNK_HOME/bin/splunk start command.
    Splunk Enterprise displays the following output.
    This appears to be an upgrade of Splunk.
    Splunk has detected an older version of Splunk installed on this machine. To
    finish upgrading to the new version, Splunk's installer will automatically
    update and alter your current configuration files. Deprecated configuration
    files will be renamed with a .deprecated extension.
    You can choose to preview the changes that will be made to your configuration
    files before proceeding with the migration and upgrade:
    If you want to migrate and upgrade without previewing the changes that will be
    made to your existing configuration files, choose 'y'.
    If you want to see what changes will be made before you proceed with the
    upgrade, choose 'n'.
    Perform migration and upgrade without previewing configuration changes? [y/n]
  7. Choose whether or not you want to run the migration preview script to see proposed changes to your existing configuration files, or proceed with the migration and upgrade right away. If you choose to view the expected changes, the script provides a list.
  8. After you review these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

Upgrade and accept the license agreement simultaneously

After you place the new files in the Splunk Enterprise installation directory, you can accept the license and perform the upgrade in one command.

  • To accept the license and view the expected changes (answer 'n') before continuing the upgrade, use the following command.
$SPLUNK_HOME/bin/splunk start --accept-license --answer-no
  • To accept the license and begin the upgrade without viewing the changes (answer 'y').
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
Last modified on 14 December, 2020
Changes for Splunk App developers
Upgrade to 7.2 on Windows

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters