Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Upgrade Multiple Splunk Instances on the Same VM

daniaabujuma
Explorer
‎05-30-2023 11:26 PM

Hello,

I am running multiple Splunk instances on the same machine, located in /opt as follows:

/opt/splunk1

/opt/splunk2

/opt/splunk3 ... etc

I need to upgrade Splunk Enterprise to a newer version, I tried using the following RPM command:

sudo rpm -Uvh --relocate=/opt/splunk=/opt/splunk1 splunk.rpm

But I received the following error message:

path /opt/splunk in package splunk is not relocatable

I tried using a .tgz file instead, but it's also not working.

sudo tar -xzf splunk.tgz -C /opt/splunk1

Can anyone recommend a way to upgrade Splunk on all my instances?

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎05-30-2023 11:59 PM

One hack could be

  1. mkdir -p /tmp/splunk
  2. cd /tmp/splunk
  3. tar xvzf <path to downloaded>/splunk-xyx.tgz
  4. cd splunk
  5. tar cvzf ../splunk-relocated.tgz ./*

That will repackage splunk version without splunk/ directory prefix.

Now just go to /opt/splunk1 etc. one by one and use /tmp/splunk/splunk-relocated.tgz package as source. Note you must be in /opt/splunk1 not in /opt directory when you are extracting that package!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎05-30-2023 11:37 PM

Hi

as you probably know you shouldn't run several instances on same node! You could do this only on your lab environment in all other cases you should use separate VMs for those .

When you have several installation on same node you cannot install those via package manger like rpm. Basically you could have one instance like /opt/splunk which have installed and updated by rpm.

Probably easiest way is to install a new version into /opt/splunk and then just use e.g. rsync to copy a new versions to other directories one by one. Another option (if you have gnu tar) is try 

cd /opt/splunk1 && tar --strip-components 1 -xvf <path>/splunk-xyx.tgz

r. Ismo 

0 Karma
Reply
Solved! Jump to solution

daniaabujuma
Explorer
‎05-30-2023 11:54 PM

Hi @isoutamo 

Thank you for your reply!

I tried your recommendation but unfortunately it didn't work. Do you have any other recommendation that might work?

Thank you.

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎05-30-2023 11:59 PM

One hack could be

  1. mkdir -p /tmp/splunk
  2. cd /tmp/splunk
  3. tar xvzf <path to downloaded>/splunk-xyx.tgz
  4. cd splunk
  5. tar cvzf ../splunk-relocated.tgz ./*

That will repackage splunk version without splunk/ directory prefix.

Now just go to /opt/splunk1 etc. one by one and use /tmp/splunk/splunk-relocated.tgz package as source. Note you must be in /opt/splunk1 not in /opt directory when you are extracting that package!

0 Karma
Reply
Solved! Jump to solution

daniaabujuma
Explorer
‎05-31-2023 12:25 AM

Thank you @isoutamo this worked perfectly!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...