Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Upgrade a Splunk UBA deployment that is using warm standby

Perform the following tasks to upgrade a Splunk UBA deployment that is using warm standby. The instructions apply to both single-node and multi-node deployments.

  1. Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
  2. Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
  3. Upgrade the primary system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
  4. Upgrade the standby system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
  5. Run the following command in the management node of the standby system so that it is only running the services required for standby:
    /opt/caspida/bin/Caspida stop-all && /opt/caspida/bin/Caspida start-all --no-caspida
  6. Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
  7. Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
  8. On the primary system, check the health monitor and verify that the data sources are working properly. See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavioral Analytics manual, or Examine Splunk UBA system health with the Splunk UBA Monitoring app in the Splunk UBA Monitoring App manual if you are using the Splunk UBA Monitoring app.
Last modified on 22 July, 2022
Upgrade a distributed RHEL, CentOS, or Oracle Linux installation of Splunk UBA   Verify a successful upgrade of Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.5


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters