Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Upgrade a Splunk UBA deployment that is using warm standby

Perform the following tasks to upgrade a Splunk UBA deployment that is using warm standby. The instructions apply to both single-node and multi-node deployments.

Before you begin

Open the hadoop data node port across your primary and standby clusters. See, Requirements to set up warm standby for Splunk UBA.

Upgrade steps

Perform the following tasks to complete the upgrade:

  1. Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
  2. Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
  3. Turn off replication before upgrading the primary system.
  4. Upgrade the primary system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.
  5. Upgrade the standby system. See Upgrade Splunk UBA prerequisites and select the upgrade instructions for your operating system.

  6. Manually synchronize the primary and standby systems. See Synchronize the primary and standby systems on-demand in the Administer Splunk User Behavioral Analytics manual.
    If synchronization fails, run the following procedure:
    1. Run the following command on the management node in the primary system:
      /opt/caspida/bin/replication/setup standby -m primary -r

      When prompted with "subscription_caspida exists on standby node, which may cause warm standby setup issues on standby node. Would you like to delete it?", choose "Yy" for yes or "Nn" for no.

      1. Choose yes if you want to start cycleId from 0000000 after setup.
      2. Choose no if you want to resume from the existing cycleId after setup.
    2. Run the following command on the management node in the standby system:
      /opt/caspida/bin/replication/setup standby -m standby -r
    3. Run the curl command on the management node in the primary system to initiate a full sync:
      curl -X POST -k -H "Authorization: Bearer $(grep '^\s*jobmanager.restServer.auth.user.token=' /opt/caspida/conf/uba-default.properties | cut -d'=' -f2)" https://localhost:9002/jobs/trigger?name=ReplicationCoordinator 
      
    4. You can verify your setup by viewing the table in the Postgres database that tracks the status of the sync between the primary and standby systems, run the following command on the node(system) which has postgres installed.
      psql -d caspidadb -c 'select * from replication'
  7. Verify that both systems are synchronized. See Verify that the primary and standby systems are synchronized in the Administer Splunk User Behavioral Analytics manual.
  8. On the primary system, check the health monitor and verify that the data sources are working properly. See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavioral Analytics manual, or Examine Splunk UBA system health with the Splunk UBA Monitoring app in the Splunk UBA Monitoring App manual if you are using the Splunk UBA Monitoring app.
Last modified on 25 November, 2024
Upgrade a distributed OEL installation of Splunk UBA   Verify a successful upgrade of Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.1.0, 5.1.0.1, 5.2.0, 5.2.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters