Splunk Add-on for Unix and Linux

AMAN0113
Explorer

We have Splunk Add-on for Unix and Linux 8.2.0 installed and need to upgrade it to the latest version (8.10.0). Could someone advise whether I can upgrade directly to 8.10 or whether there should be an incremental upgrade? Is there any feature in my existing setup that will be affected by the upgrade? Also, what steps should I take while performing this so as not to lose any of my existing configs? Is there any documentation for this?


gcusello
SplunkTrust

Hi @AMAN0113,

if you didn't do any customization, you can upgrade directly to the latest version.

You can update using the deployment method you have in use: Deployment Server or manually.

Only one check: if you enabled inputs in the local folder there will be no problem; if you enabled them in the default folder (there are people who do that), remember to enable the requested inputs.

Ciao.

Giuseppe
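
The check described in the answer above, as an added example (not part of the original post and not the add-on's own code): it lists `inputs.conf` stanzas that are enabled in `default/` with no `disabled` setting in `local/`. The function names and the sample stanzas are constructed for illustration; pass your own app directory (assumed to be something like `$SPLUNK_HOME/etc/apps/Splunk_TA_nix`) as the first argument.

```shell
#!/bin/sh
# Added example: list inputs.conf stanzas enabled only by an edit to
# default/inputs.conf. An upgrade replaces default/, so these are the
# inputs to enable again (in local/) afterwards.
inputs_enabled_only_in_default() {
    app_dir=$1
    default_conf="$app_dir/default/inputs.conf"
    local_conf="$app_dir/local/inputs.conf"
    [ -f "$default_conf" ] || { echo "missing $default_conf" >&2; return 2; }
    [ -f "$local_conf" ] || local_conf=/dev/null   # no local overrides
    awk '
        FNR == 1 { stanza = "" }           # new file: forget the last stanza
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }              # skip comments and blank lines
        /^\[.*\]$/ { stanza = $0; next }
        /^disabled[ \t]*=/ {
            val = tolower($0); sub(/^disabled[ \t]*=[ \t]*/, "", val)
            if (FILENAME != ARGV[1]) in_local[stanza] = 1   # local/ decides
            else if (val == "0" || val == "false") in_default[stanza] = 1
            else delete in_default[stanza]
        }
        END { for (s in in_default) if (!(s in in_local)) print s }
    ' "$default_conf" "$local_conf" | sort
}

# Constructed sample app directory (not the real add-on files).
make_sample_app() {
    d=$(mktemp -d)
    mkdir -p "$d/default" "$d/local"
    cat > "$d/default/inputs.conf" <<'EOF'
[script://./bin/cpu.sh]
disabled = 0
[script://./bin/ps.sh]
disabled = 1
[script://./bin/netstat.sh]
disabled = false
[monitor:///var/log]
disabled = 0
EOF
    cat > "$d/local/inputs.conf" <<'EOF'
[monitor:///var/log]
disabled = 0
EOF
    echo "$d"
}

# With no argument, run against the constructed sample.
inputs_enabled_only_in_default "${1:-$(make_sample_app)}"
```

Any stanza it prints should be copied into `local/inputs.conf` with `disabled = 0` before the upgrade, so the setting no longer depends on the contents of `default/`.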


AMAN0113
Explorer

Hi @gcusello,
Thanks for your inputs.
A follow-up question: do I have to expect any data loss during the upgrade, or is the add-on capable of backfilling the data lost during the time of the upgrade? Also, do I need to restart Splunk on my server for the changes to be reflected?


gcusello
SplunkTrust

Hi @AMAN0113,

On an HF, an upgrade made via the GUI doesn't require a restart; otherwise you have to restart the forwarder.

During the restart you don't lose any data, because logs are written by Linux to files that are read by the forwarder when it restarts; you'll only have a delay in indexing.

Obviously scripts aren't executed during the restart, but they will be executed at the next scheduled time.

Let us know if we can help you more, or, please, accept one answer for the other people of the Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

isoutamo
SplunkTrust

One remark. As @gcusello said, you don't lose any data that is based on files. But there are some scripts that use commands like ps, netstat, sar, etc. to collect data periodically. When your TA is not in place and those inputs are not run, you obviously lose those events, as those input scripts haven't run. But that shouldn't be any real issue.

isoutamo
SplunkTrust

Hi

As you can see from https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Upgrade, there are some things that you must/should check before you do an update.

r. Ismo
