Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

Verify a successful upgrade of Splunk UBA

After upgrading Splunk UBA, verify a successful upgrade.

Verify data sources

Verify all the data sources that were processing before the upgrade are running and processing data.

  1. Log in to Splunk UBA in a web browser.
  2. From the Splunk UBA toolbar, select Manage > Data Sources.
  3. Verify that data sources are processing data and EPS is not zero.

Remove Postgres 10

UBA version 5.3.0 upgrades Postgres from version 10 to version 15. After validating that your upgrade is successful, you can safely remove Postgres 10 and reclaim space using the steps for your operating system.

For Redhat and OEL

  1. Remove the Postgres packages from the host:
    sudo yum remove postgresql10-* -y
  2. Remove the old Postgres data directory:

    This step only removes the data directory of the old Postgres version /var/lib/pgsql/10/data. All of this data has been migrated to Postgres 15. Backup data and archives are not affected.

    sudo /var/lib/pgsql/delete_old_cluster.sh

For Ubuntu, OVA, and AMI

  1. Remove the Postgres packages from the host:
    sudo dpkg -r --force-depends postgresql-10 postgresql-client-10
  2. Remove the old Postgres data directory:

    This step only removes the data directory of the old Postgres version /var/lib/postgresql/10/main. All of this data has been migrated to Postgres 15. Backup data and archives are not affected.

    sudo /var/lib/postgresql/delete_old_cluster.sh

Review the upgrade script output

If the upgrade failed, review the output from the upgrade script. Splunk UBA Web does not load if the upgrade is unsuccessful.

  1. Review the output from the upgrade script in /var/log/caspida/upgrade.out.
  2. If needed, work with Splunk Support to resolve upgrade errors.

After resolving errors with the upgrade, run the upgrade script again. The upgrade script skips successful steps and only runs failed steps again.

Review the Health Monitor dashboard

Verify that all Splunk UBA services are running on the Health Monitor dashboard to confirm a successful upgrade.

  1. Select System > Health Monitor to review the Health Monitor dashboard.

See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavior Analytics manual.

Last modified on 08 August, 2023
Upgrade a Splunk UBA deployment that is using warm standby   Configure Splunk UBA

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.3.0, 5.4.0, 5.4.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters