Deployment Architecture

How to upgrade Splunk Universal Forwarder to a New Version in Ubuntu Linux?

sanjubaba
Path Finder

How to upgrade Splunk Universal Forwarder to a New Version in Ubuntu Linux?

Labels (2)
0 Karma
1 Solution

inventsekar
SplunkTrust
SplunkTrust

Hi @sanjubaba ...

1. Confirm that an upgrade is necessary... As the first task, please make sure your indexer version and the new upgraded version are compatible. (doc link below)

2. backup your files.

3. How upgrading works
After you perform the installation of the new forwarder, you must restart it for any changes to take effect. You can run the migration preview utility at that time to see what will change before the files are updated. If you choose to view the changes before proceeding, the forwarder writes the proposed changes to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

 

Upgrade a single forwarder
choose - deb or tar

If you use an RPM file, use the RPM package manager (rpm -U <splunk_package_name>.rpm) from a shell prompt to perform the upgrade.

If you use a .tar file to upgrade a forwarder, expand it into the same directory with the same ownership as the existing universal forwarder instance. This overwrites and replaces matching files but does not remove unique files.

1. Stop the forwarder.

$SPLUNK_HOME/bin/splunk stop

2. Install the universal forwarder package directly over the existing deployment.

3. Start the forwarder again.

$SPLUNK_HOME/bin/splunk start

4. Choose whether you want to run the migration preview script to see what changes will be made to your existing configuration files, or proceed with the migration and upgrade right away. If you choose to view the expected changes, the script provides a list of those changes.

5. Once you have reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

You can complete the last three steps in one line.

To accept the license and view the expected changes (answer 'n') before continuing the upgrade:
$SPLUNK_HOME/bin/splunk start --accept-license --answer-no
To accept the license and begin the upgrade without viewing the changes (answer 'y'):
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

https://docs.splunk.com/Documentation/Forwarder/8.0.6/Forwarder/Upgradethenixuniversalforwarder

sanjubaba
Path Finder

@inventsekar Thanks for your reply.

Can you please let me know how to install splunkforwarder in custom directory other than /opt/?

Can you please help me with the command?

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Wien you are installing to custom place then the best option is use tar package. Just untar it to your chosen directory. More detailed instructions you could found from UF’s installation guide.
r. Ismo

sanjubaba
Path Finder

@isoutamo Thanks for your reply.

Can you share me the download link of Universal Forwarder tar file?

0 Karma

inventsekar
SplunkTrust
SplunkTrust

sanjubaba
Path Finder

@inventsekar Thanks. That's a great help. Appreciated!!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...