Upgrade a Splunk UBA deployment that is using warm standby
Perform the following tasks to upgrade a Splunk UBA deployment that is using warm standby. The instructions apply to both single-node and multi-node deployments.
- Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
- Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
- Upgrade the primary system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
- Upgrade the standby system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
- Run the following command in the management node of the standby system so that it is only running the services required for standby:
/opt/caspida/bin/Caspida stop-all && /opt/caspida/bin/Caspida start-all --no-caspida
- Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
- Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
- On the primary system, check the health monitor and verify that the data sources are working properly. See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavioral Analytics manual, or Examine Splunk UBA system health with the Splunk UBA Monitoring app in the Splunk UBA Monitoring App manual if you are using the Splunk UBA Monitoring app.
Upgrade a distributed RHEL, CentOS, or Oracle Linux installation of Splunk UBA | Verify a successful upgrade of Splunk UBA |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.5.1
Feedback submitted, thanks!