Upgrade the Splunk Add-on for Windows in a distributed deployment
For optimized use of your Splunk license, upgrade the Splunk Add-on for Windows by installing it on your Splunk platform components in the following order:
- Search heads
- Search head clusters
- Nonclustered indexers, Windows heavy forwarders, and intermediate forwarders
- Clustered indexers
- Deployment servers
Upgrade the Splunk Add-on for Windows on a search head
Follow these steps to install your upgraded version of the Splunk Add-on for Windows on each search head:
- Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
- Expand your downloaded file.
- On each search head, copy the expanded folder into the
$SPLUNK_HOME/etc/apps
directory. - Restart each search head.
Upgrade the Splunk Add-on for Windows on a search head cluster
To upgrade an add-on on a search head cluster, remove the previous version and push the upgraded version to the cluster:
- Remove the existing
Splunk_TA_Windows
folder from the$SPLUNK_HOME/etc/shcluster/apps
directory. - Push this change to the cluster using the
splunk apply shcluster-bundle
command. - Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
- Expand your downloaded file.
- Copy the expanded folder into the
$SPLUNK_HOME/etc/shcluster/apps
directory. - Push the upgraded version to the cluster using the
splunk apply shcluster-bundle
command.
Upgrade the Splunk Add-on for Windows on nonclustered indexers and intermediate forwarders
Complete the following steps to upgrade these components:
- Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
- Expand your downloaded file to a temporary location.
- Remove the following files:
<app>/bin
<app>/default/eventgen.conf
<app>/default/inputs.conf
<app>/default/wmi.conf
<app>/default/indexes.conf
- Copy the expanded
Splunk_TA_Windows
folder to the$SPLUNK_HOME/etc/apps
directory.
Upgrade the Splunk Add-on for Windows on an indexer cluster
Follow these steps to upgrade the Splunk add-on for Windows on each of your indexer clusters:
- Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
- Expand your downloaded file.
- Review the use of index in all inputs associated with the Splunk Add-on for Windows and identify all indexes
- Ensure each index has been defined in indexes.conf in the appropriate location under
$SPLUNK_HOME/etc/master_apps
- Copy the expanded
Splunk_TA_Windows
folder to the$SPLUNK_HOME/etc/master_apps
directory on the cluster master. - Apply the cluster bundle
Upgrade the Splunk Add-on for Windows using a deployment server
You can use a deployment server to upgrade the Splunk Add-on for Windows in your distributed deployment:
- Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
- Expand your downloaded file.
- Copy the expanded
Splunk_TA_Windows
folder to the$SPLUNK_HOME/etc/deployment-apps
directory. - Restart the deployment server.
Upgrade the Splunk Add-on for Windows | Configure the Splunk Add-on for Windows |
This documentation applies to the following versions of Splunk® Add-on for Windows: 8.1.1
Feedback submitted, thanks!