Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to upgrade Splunk Universal Forwarder to a New Version in Ubuntu Linux?

sanjubaba
Path Finder
‎10-17-2020 09:06 PM

How to upgrade Splunk Universal Forwarder to a New Version in Ubuntu Linux?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎10-18-2020 05:50 AM

Hi @sanjubaba 

the latest version of linux UF 8.0.6 - 

https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/linux

 

if you are looking for versions before 8.0.6, then:

https://www.splunk.com/en_us/download/previous-releases/universalforwarder.html#tabs/linux

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-17-2020 09:53 PM

Hi @sanjubaba ...

1. Confirm that an upgrade is necessary... As the first task, please make sure your indexer version and the new upgraded version are compatible. (doc link below)

2. backup your files.

3. How upgrading works
After you perform the installation of the new forwarder, you must restart it for any changes to take effect. You can run the migration preview utility at that time to see what will change before the files are updated. If you choose to view the changes before proceeding, the forwarder writes the proposed changes to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

 

Upgrade a single forwarder
choose - deb or tar

If you use an RPM file, use the RPM package manager (rpm -U <splunk_package_name>.rpm) from a shell prompt to perform the upgrade.

If you use a .tar file to upgrade a forwarder, expand it into the same directory with the same ownership as the existing universal forwarder instance. This overwrites and replaces matching files but does not remove unique files.

1. Stop the forwarder.

$SPLUNK_HOME/bin/splunk stop

2. Install the universal forwarder package directly over the existing deployment.

3. Start the forwarder again.

$SPLUNK_HOME/bin/splunk start

4. Choose whether you want to run the migration preview script to see what changes will be made to your existing configuration files, or proceed with the migration and upgrade right away. If you choose to view the expected changes, the script provides a list of those changes.

5. Once you have reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

You can complete the last three steps in one line.

To accept the license and view the expected changes (answer 'n') before continuing the upgrade:
$SPLUNK_HOME/bin/splunk start --accept-license --answer-no
To accept the license and begin the upgrade without viewing the changes (answer 'y'):
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

https://docs.splunk.com/Documentation/Forwarder/8.0.6/Forwarder/Upgradethenixuniversalforwarder

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply
Solved! Jump to solution

sanjubaba
Path Finder
‎10-17-2020 10:08 PM

@inventsekar Thanks for your reply.

Can you please let me know how to install splunkforwarder in custom directory other than /opt/?

Can you please help me with the command?

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎10-18-2020 02:54 AM
Wien you are installing to custom place then the best option is use tar package. Just untar it to your chosen directory. More detailed instructions you could found from UF’s installation guide.
r. Ismo
Reply
Solved! Jump to solution

sanjubaba
Path Finder
‎10-18-2020 03:32 AM

@isoutamo Thanks for your reply.

Can you share me the download link of Universal Forwarder tar file?

0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎10-18-2020 05:50 AM

Hi @sanjubaba 

the latest version of linux UF 8.0.6 - 

https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/linux

 

if you are looking for versions before 8.0.6, then:

https://www.splunk.com/en_us/download/previous-releases/universalforwarder.html#tabs/linux

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
Reply
Solved! Jump to solution

sanjubaba
Path Finder
‎10-18-2020 06:18 AM

@inventsekar Thanks. That's a great help. Appreciated!!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...

Index This | How many sevens are there between 1 and 100?

August 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...