Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Upgrade Splunk UBA prerequisites

Upgrading to Splunk UBA 5.1.0.1 requires Splunk UBA 5.1.0. See How to install or upgrade to this release of Splunk UBA for upgrade path information.

  • If you are running a version lower than 5.0.5, you must first upgrade to version 5.0.5, then upgrade to version 5.1.0, and then upgrade to version 5.1.0.1.
  • If you are running a version lower than 5.0.0, you must first upgrade to version 5.0.0, then upgrade to version 5.0.5, then upgrade to version 5.1.0, and then upgrade to version 5.1.0.1.

Before you upgrade, perform the following tasks:

Hadoop ports changed for Splunk UBA version 5.1.0 and higher. See Networking requirements to verify Hadoop port information before upgrading.

  1. In RHEL Linux environments:
    1. Ensure that Splunk UBA has access to RHEL repositories.
    2. When installed on RHEL 8.x operating systems, Splunk UBA uses a 2048-bit RSA encryption key. The Splunk platform that communicates with Splunk UBA must also use a 2048-bit encryption key. See Red Hat Enterprise Linux 8.x cryptographic policies.
  2. Review the Known issues for this release in the Release Notes manual.
  3. The software update contains one archive file approximately 11MB in size. The total extracted size is approximately 70MB. Verify that you have enough free space in /home/caspida to store the extracted installer files.
  4. Back up your system. See Prepare to backup Splunk UBA in Administer Splunk User Behavior Analytics.
  5. Make sure your system is running normally by using the uba_health_check.sh shell script.
    /opt/caspida/bin/utils/uba_health_check.sh
    See Check system status before and after installation for more information about the script.
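
The upgrade-order and free-space prerequisites above can be checked from the shell before you start. The following script is an added example, not part of the Splunk documentation or product: its function names are illustrative, the current version is passed in by the operator, and version strings are assumed to be numeric and dot-separated.

```shell
#!/bin/sh
# Added example: pre-upgrade checks built from the prerequisites on this page.
# Function names are illustrative; versions, sizes and paths come from the page.
MILESTONES="5.0.0 5.0.5 5.1.0 5.1.0.1"   # required upgrade order
REQUIRED_KB=$(( (11 + 70) * 1024 ))      # ~11MB archive + ~70MB extracted

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# upgrade_path CURRENT: print the releases still to install, in order.
upgrade_path() {
    path=""
    for m in $MILESTONES; do
        if version_lt "$1" "$m"; then path="${path:+$path }$m"; fi
    done
    printf '%s\n' "$path"
}

# has_space DIR: succeed when DIR's filesystem has room for the installer.
has_space() {
    avail=$(df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }')
    [ -n "$avail" ] && [ "$avail" -ge "$REQUIRED_KB" ]
}

# preflight CURRENT_VERSION STAGING_DIR: report the path and any blockers.
preflight() {
    rc=0
    hops=$(upgrade_path "$1")
    if [ -n "$hops" ]; then echo "upgrade in order: $hops"; else echo "no upgrade needed"; fi
    has_space "$2" || { echo "need ${REQUIRED_KB} KiB free in $2" >&2; rc=1; }
    [ -x /opt/caspida/bin/utils/uba_health_check.sh ] || { echo "health check script not found" >&2; rc=1; }
    return "$rc"
}

if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

Saved under a name of your choice and run with a current version and /home/caspida as arguments, it lists the remaining releases in order and exits non-zero if space or the health check script is missing.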

Instructions to upgrade your Splunk UBA deployment

After satisfying the prerequisite requirements, go to one of the following:

Upgrade multiple Splunk UBA clusters that are using warm standby

If you have two Splunk UBA clusters running in a warm standby configuration, perform the following tasks to upgrade both clusters. Links to documentation in the Administer Splunk User Behavior Analytics manual are provided. In this example, the original primary system is called System A and the standby system is called System B.

  1. Verify that both System A and System B are configured for warm standby and are running as expected. See Verify that the primary and standby systems are synchronized.
  2. Manually trigger a sync between System A and System B. See Synchronize the primary and standby systems on-demand.
  3. Perform a failover from System A to System B. See Failover to a standby Splunk UBA system.
  4. Switch the roles of both systems to reflect the failover. See Change the role of both systems to switch the primary and standby systems.
  5. Failover from System B back to System A. See Failover to a standby Splunk UBA system.
  6. Switch the roles of both systems again to reflect the second failover operation. See Change the role of both systems to switch the primary and standby systems.
  7. Run the uba_health_check.sh script. See Check system status before and after installation in the Install and Upgrade Splunk User Behavior Analytics manual.
  8. Use the health monitor to verify that both Splunk UBA systems are up and running.
  9. Upgrade the primary system (System A) to this release. Follow the upgrade instructions for your operating system.
  10. Upgrade the standby system (System B) to this release. Follow the upgrade instructions for your operating system.
  11. Check /var/log/caspida/UpgradeStatus-<release>.properties on both systems to verify that the upgrade succeeded. See Verify a successful upgrade of Splunk UBA in the Install and Upgrade Splunk User Behavior Analytics manual.
Last modified on 12 July, 2023

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.1.0.1