Getting Data In

Upgrade Multiple Splunk Instances on the Same VM

daniaabujuma
Explorer

Hello,

I am running multiple Splunk instances on the same machine, located in /opt as follows:

/opt/splunk1

/opt/splunk2

/opt/splunk3 ... etc

I need to upgrade Splunk Enterprise to a newer version, I tried using the following RPM command:

sudo rpm -Uvh --relocate=/opt/splunk=/opt/splunk1 splunk.rpm

But I received the following error message:

path /opt/splunk in package splunk is not relocatable

I tried using a .tgz file instead, but it's also not working.

sudo tar -xzf splunk.tgz -C /opt/splunk1

Can anyone recommend a way to upgrade Splunk on all my instances?

Labels (2)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

One hack could be

  1. mkdir -p /tmp/splunk
  2. cd /tmp/splunk
  3. tar xvzf <path to downloaded>/splunk-xyx.tgz
  4. cd splunk
  5. tar cvzf ../splunk-relocated.tgz ./*

That will repackage splunk version without splunk/ directory prefix.

Now just go to /opt/splunk1 etc. one by one and use /tmp/splunk/splunk-relocated.tgz package as source. Note you must be in /opt/splunk1 not in /opt directory when you are extracting that package!

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

as you probably know you shouldn't run several instances on same node! You could do this only on your lab environment in all other cases you should use separate VMs for those .

When you have several installation on same node you cannot install those via package manger like rpm. Basically you could have one instance like /opt/splunk which have installed and updated by rpm.

Probably easiest way is to install a new version into /opt/splunk and then just use e.g. rsync to copy a new versions to other directories one by one. Another option (if you have gnu tar) is try 

cd /opt/splunk1 && tar --strip-components 1 -xvf <path>/splunk-xyx.tgz

r. Ismo 

0 Karma

daniaabujuma
Explorer

Hi @isoutamo 

Thank you for your reply!

I tried your recommendation but unfortunately it didn't work. Do you have any other recommendation that might work?

Thank you.

0 Karma

isoutamo
SplunkTrust
SplunkTrust

One hack could be

  1. mkdir -p /tmp/splunk
  2. cd /tmp/splunk
  3. tar xvzf <path to downloaded>/splunk-xyx.tgz
  4. cd splunk
  5. tar cvzf ../splunk-relocated.tgz ./*

That will repackage splunk version without splunk/ directory prefix.

Now just go to /opt/splunk1 etc. one by one and use /tmp/splunk/splunk-relocated.tgz package as source. Note you must be in /opt/splunk1 not in /opt directory when you are extracting that package!

0 Karma

daniaabujuma
Explorer

Thank you @isoutamo this worked perfectly!

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...