Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics


This documentation does not apply to the most recent version of UBA.

Upgrade Splunk UBA prerequisites

Splunk UBA 5.0 requires the Splunk UBA 4.3.1 platform release. See How to install or upgrade to Splunk UBA 5.0 for upgrade path information.

Before upgrade, perform the following tasks:

  1. This release provides support for multiple IP and MAC addresses during asset data ingestion provided that the addresses are separated by commas. If you have assets with multiple IP or MAC addresses using a different delimiter, set the attribution.keyvalue.delimiter property in /etc/caspida/local/conf/uba-site.properties before upgrading Splunk UBA. See Configure asset ingestion for multi-valued fields for instructions.
  2. In RHEL Linux environments, ensure that Splunk UBA has access to RHEL repositories.
  3. In RHEL Linux environments, review the External dependencies affected by this upgrade.
  4. Review the Known issues for this release.
  5. Verify that you have enough free space in /home/caspida to store the downloaded and extracted installer files.
  6. Back up your system. See Prepare to backup Splunk UBA.
  7. Make sure your system is running normally by using the uba_pre_check.sh shell script.
    See Check system status before and after installation for more information about the script.
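
The following shell sketch covers steps 1 and 5 of the list above. It is an added example, not part of the Splunk documentation or the Splunk UBA tooling: the function names and the `--run` switch are hypothetical, and the minimum free space is an assumption you supply, because this page does not state a required size.

```shell
# Added example. Paths and the property name are from the steps above;
# the minimum free space is an operator-supplied assumption.
UBA_SITE_PROPS="/etc/caspida/local/conf/uba-site.properties"
UBA_HOME="/home/caspida"

# Print a key's effective value from a Java-style properties file:
# comment lines (# or !) are skipped, the last assignment wins.
# Returns 1 if the file is unreadable or the key is absent.
get_property() {
    [ -r "$1" ] || return 1
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == k) { val = substr($0, i + 1); sub(/^[ \t]+/, "", val); found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# True if the filesystem holding directory $1 has at least $2 KiB free.
has_free_space() {
    avail=$(df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }')
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# Report on steps 1 and 5; returns non-zero only if free space is short.
preflight() {
    rc=0
    if delim=$(get_property "$1" attribution.keyvalue.delimiter); then
        echo "OK   attribution.keyvalue.delimiter='$delim'"
    else
        echo "NOTE attribution.keyvalue.delimiter unset: IP/MAC values must be comma-separated"
    fi
    if has_free_space "$2" "$3"; then
        echo "OK   $2 has at least $3 KiB free"
    else
        echo "FAIL $2 has less than $3 KiB free"; rc=1
    fi
    return $rc
}

# Runs only when invoked as: sh preflight.sh --run <min-free-KiB>
if [ "${1:-}" = "--run" ]; then
    preflight "$UBA_SITE_PROPS" "$UBA_HOME" "${2:?minimum free KiB required}"
fi
```

A NOTE line is informational: it means the comma default applies, so any asset source that uses another delimiter needs the property set before the upgrade.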

After satisfying the prerequisite requirements, go to one of the following:

Last modified on 13 December, 2019

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0
