Splunk® Enterprise

Installation Manual

Upgrade to version 9.2 on UNIX

Before you upgrade

Before you upgrade, see About upgrading to 9.2: READ THIS FIRST for information on changes in the new version that can impact you if you upgrade from an existing version.

Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.

Back your files up

Before you perform the upgrade, back up all of your files, including Splunk Enterprise configurations, indexed data, and binaries.

For information on backing up data, see Back up indexed data in Managing Indexers and Clusters of Indexers.

For information on backing up configurations, see Back up configuration information in the Admin Manual.

How upgrading works

To upgrade a Splunk Enterprise installation, you must install the new version directly on top of the old version (into the same installation directory.) When Splunk Enterprise starts after an upgrade, it detects that the files have changed and asks whether or not you want to preview the migration changes before it performs the upgrade.

If you choose to view the changes before proceeding, the upgrade script writes the proposed changes to the $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp> file.

Splunk Enterprise does not change your configuration until after you restart it.

Upgrade Splunk Enterprise

  1. Go to the machine with the Splunk Enterprise instance you want to upgrade, and open a shell prompt.
  2. Verify the folder where Splunk Enterprise is installed, and change to the $SPLUNK_HOME/bin directory.
  3. Stop the Splunk Enterprise services by running systemctl stop Splunkd.service or $SPLUNK_HOME/bin/splunk stop
  4. Confirm that no other processes will automatically start Splunk Enterprise, such as a configuration management or service management tool.
  5. To upgrade and migrate the existing configurations, install the latest Splunk Enterprise package directly over your existing deployment.
    • If you are using a .tar file, expand it into the same directory with the same ownership as your existing Splunk Enterprise instance. This overwrites and replaces the default files, but does not remove unique files or file paths. Example: tar xzf splunk-9.2.0-12345678-Linux-x86_64.tgz -C /opt
    • If you use a package manager, such as RPM, type rpm -U splunk_package_name.rpm
  6. Start the Splunk Enterprise services by running $SPLUNK_HOME/bin/splunk start
    Splunk Enterprise displays the following output.
    This appears to be an upgrade of Splunk.
    Splunk has detected an older version of Splunk installed on this machine. To
    finish upgrading to the new version, Splunk's installer will automatically
    update and alter your current configuration files. Deprecated configuration
    files will be renamed with a .deprecated extension.
    You can choose to preview the changes that will be made to your configuration
    files before proceeding with the migration and upgrade:
    If you want to migrate and upgrade without previewing the changes that will be
    made to your existing configuration files, choose 'y'.
    If you want to see what changes will be made before you proceed with the
    upgrade, choose 'n'.
    Perform migration and upgrade without previewing configuration changes? [y/n]
  7. (Optional) Choose whether or not you want to run the migration preview script to see proposed changes to your existing configuration files, or proceed with the migration and upgrade now. If you choose to view the expected changes, the script provides a list but does not start any services.
    After you review the migration changes and are ready to proceed with migration and upgrade, start the Splunk Enterprise services again.

Upgrade and accept the license agreement simultaneously

After you place the new files in the Splunk Enterprise installation directory, you can accept the license and perform the upgrade in one command.

  • To accept the license and begin the upgrade without viewing the changes, use the following command:
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
Last modified on 05 January, 2024
Changes for Splunk App developers   Upgrade to version 9.2 on Windows

This documentation applies to the following versions of Splunk® Enterprise: 9.2.0, 9.2.1

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters