Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Upgrade a Splunk UBA deployment that is using warm standby

Perform the following tasks to upgrade a Splunk UBA deployment that is using warm standby. The instructions apply to both single-node and multi-node deployments.

  1. Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
  2. Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
  3. Upgrade the primary system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
  4. Upgrade the standby system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
  5. Run the following command in the management node of the standby system so that it is only running the services required for standby:
    /opt/caspida/bin/Caspida stop-all && /opt/caspida/bin/Caspida start-all --no-caspida

    If you see the following error:

    "ERROR: cannot execute UPDATE in a read-only transaction."
    Perform the workaround documented in UBA-14675 in the Known issues in Splunk UBA in the Release Notes.
  6. Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
  7. Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
  8. On the primary system, check the health monitor and verify that the data sources are working properly. See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavioral Analytics manual, or Examine Splunk UBA system health with the Splunk UBA Monitoring app in the Splunk UBA Monitoring App manual if you are using the Splunk UBA Monitoring app.
Last modified on 22 July, 2022
PREVIOUS
Upgrade a distributed RHEL, CentOS, or Oracle Linux installation of Splunk UBA
  NEXT
Verify a successful upgrade of Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.4, 5.0.4.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters