
How to Upgrade Splunk Website Monitoring app

Engager

I've inherited a Splunk environment with many apps installed and some require upgrading.

Example:

I need to upgrade the Splunk Website Monitoring app from version 1.6 to 2.7.0 (current latest version).

I've searched on answers.splunk.com for how to upgrade Splunk apps, but all I could find is:

1.) In the case of the *nix app on my instance, I chose overwrite with 4.2.0 from the splunk -> manager -> apps window.

I can't find how to do this from the Splunk apps web interface. There's no obvious upgrade form, or place to "overwrite" the app.

2.) Helped me to get rid of "unix-all-logs" eventtypes:
1) move "unix" app from folder etc/apps
2) restart splunk
3) copy "unix" app back to etc/apps folder
4) restart splunk

Simply deleting the old app, and copying over the new app will result in the loss of all the currently defined inputs (of which there are currently over 300).

Is there some decent documentation on how to upgrade Splunk apps, and/or Website Monitoring in particular? I'm also concerned that the web UI shows more apps than I can currently find in the local/inputs.conf, leading me to believe these apps are defined elsewhere, and I don't want to lose my inputs if I upgrade.

Thank you

0 Karma

Re: How to Upgrade Splunk Website Monitoring app

Champion

How to upgrade the apps depends on both the app and the architecture of your Splunk install.

Non-Search Head Clustered Environment
For Website Monitoring on a standalone search head (not Search Head Clustered), you can upgrade it directly from the Manager (see here). Additionally, you will likely see a link in the apps list within Splunk saying something like "Update to 2.7.0". You can use this to update the app too (without having to upload the package).

Search Head Clustered Environment
For an SHC environment, you will need to update the app on the deployer and then invoke a rolling restart on the search heads.

Additional Thoughts

  • You will need to invalidate the browser caches anytime you upgrade an app that contains JavaScript. More details are available here.
  • I recommend checking the apps after install to make sure they seem to be working. In particular, make sure that data seems to be coming in. Some apps will include a health dashboard (I tend to include one in mine) that can be used for making sure the app seems to be functioning. I recommend doing a search through the app's logs using the health dashboard for log messages that are errors post upgrade.
  • If you have Website Monitoring, then there is a good chance you have some of my other apps too (Lookup Editor, Website Inputs, etc.). All of my apps can be upgraded the same way.
  • Some apps may require some level of manual migration in order to upgrade (like manually updating conf files); check the README in the app. This isn't true for Website Monitoring though; no manual migration is necessary in this case.
0 Karma

Re: How to Upgrade Splunk Website Monitoring app

Engager

Thanks for the quick response Luke.

We have this app installed in a few different places, including a standalone Data Collection Node. I cloned the VM for this DCN and was able to successfully test an upgrade of the app as you suggested, on the cloned VM.

However, we also have the app installed on a search head cluster. The apps are all defined in git, then synced to a deployment server, and the search head cluster nodes are deployment clients that pull down the app from the deployment server. So the config is all done on the command line via git.

Is there a way to update the app by editing the files on the CLI, not using the Splunk Web UI?

Thanks very much

Paul

0 Karma

Re: How to Upgrade Splunk Website Monitoring app

Champion

@stepowsk: In your case, it sounds like you will want to expand the Website Monitoring app archive onto the git repo though since the repo is feeding the deployment server (if I am reading your description correctly). You can download the app archive directly from the Splunkbase page and then expand it into a local clone of the git repo and push your changes up to the upstream repo.

After that, you should be able to get the changes pulled down onto the deployment server (using git pull) which should then feed the search heads accordingly. You can likely use the Forwarder Management dashboard on the deployment server to see that the package got deployed. You might need to force a rolling restart for the search heads to see that change; I don't recall if this happens automatically.

0 Karma
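
The git-based upgrade described in the last answer, as an added example that is not part of the original thread or of the app's own tooling: it checks the downloaded archive before expanding it into the local clone and carries the existing site settings across. The function name `upgrade_app`, the argument layout, and the choice to preserve `local/` and `metadata/local.meta` are assumptions; the app folder name is supplied by the caller.

```shell
#!/bin/sh
# Added example (hypothetical helper): upgrade one app inside a git clone
# while keeping site-defined settings. Usage: upgrade_app APPS_DIR APP ARCHIVE
# Assumption: local/ and metadata/local.meta hold the settings to preserve.
upgrade_app() {
    apps_dir=$1 app=$2 archive=$3
    members=$(tar -tzf "$archive") || { echo "cannot read $archive" >&2; return 1; }

    # Every member must sit under "<app>/" and must not contain "..",
    # so nothing is written outside the app directory in the repo.
    if printf '%s\n' "$members" | grep -Eqv "^$app(/|\$)" ||
       printf '%s\n' "$members" | grep -Eq '(^|/)\.\.(/|$)'; then
        echo "archive has entries outside $app/; refusing" >&2; return 2
    fi
    # A package that ships local settings would overwrite the defined inputs.
    if printf '%s\n' "$members" |
       grep -Eq "^$app/(local(/|\$)|metadata/local\.meta\$)"; then
        echo "archive ships local settings for $app; refusing" >&2; return 3
    fi

    # Expand into a staging directory first, never directly into the clone.
    stage=$(mktemp -d) || return 1
    tar -xzf "$archive" -C "$stage" || { rm -rf "$stage"; return 1; }

    # Carry the existing site settings into the new tree.
    for keep in local metadata/local.meta; do
        if [ -e "$apps_dir/$app/$keep" ]; then
            mkdir -p "$(dirname "$stage/$app/$keep")"
            cp -Rp "$apps_dir/$app/$keep" "$stage/$app/$keep"
        fi
    done

    # Swap the whole directory so files dropped by the new version do not linger.
    rm -rf "$apps_dir/$app"
    mv "$stage/$app" "$apps_dir/$app"
    rm -rf "$stage"
}

# Run directly when called with three arguments.
if [ "$#" -eq 3 ]; then upgrade_app "$@"; fi
```

Review the result with `git status` and `git diff` in the clone before committing and pushing, so the change that reaches the deployment server is the one you inspected.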