Upgrade Multiple Splunk Instances on the Same VM

daniaabujuma
Explorer

Hello,

I am running multiple Splunk instances on the same machine, located in /opt as follows:

/opt/splunk1

/opt/splunk2

/opt/splunk3 ... etc

I need to upgrade Splunk Enterprise to a newer version. I tried using the following RPM command:

sudo rpm -Uvh --relocate=/opt/splunk=/opt/splunk1 splunk.rpm

But I received the following error message:

path /opt/splunk in package splunk is not relocatable

I tried using a .tgz file instead, but it's also not working.

sudo tar -xzf splunk.tgz -C /opt/splunk1

Can anyone recommend a way to upgrade Splunk on all my instances?

0 Karma

isoutamo
SplunkTrust

Hi

As you probably know, you shouldn't run several instances on the same node! You could do this only in your lab environment; in all other cases you should use separate VMs for those.

When you have several installations on the same node, you cannot install those via a package manager like rpm. Basically you could have one instance, like /opt/splunk, which is installed and updated by rpm.

Probably the easiest way is to install a new version into /opt/splunk and then just use e.g. rsync to copy the new version to the other directories one by one. Another option (if you have GNU tar) is to try

cd /opt/splunk1 && tar --strip-components 1 -xvf <path>/splunk-xyx.tgz

r. Ismo 

0 Karma

daniaabujuma
Explorer

Hi @isoutamo 

Thank you for your reply!

I tried your recommendation but unfortunately it didn't work. Do you have any other recommendation that might work?

Thank you.

0 Karma

isoutamo
SplunkTrust

One hack could be

  1. mkdir -p /tmp/splunk
  2. cd /tmp/splunk
  3. tar xvzf <path to downloaded>/splunk-xyx.tgz
  4. cd splunk
  5. tar cvzf ../splunk-relocated.tgz ./*

That will repackage the Splunk version without the splunk/ directory prefix.

Now just go to /opt/splunk1 etc. one by one and use the /tmp/splunk/splunk-relocated.tgz package as the source. Note you must be in /opt/splunk1, not in the /opt directory, when you are extracting that package!

0 Karma

daniaabujuma
Explorer

Thank you @isoutamo this worked perfectly!

0 Karma
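The tar --strip-components approach from the thread, wrapped in a script that checks the tarball before extracting it over each instance. This is an added example, not code from any poster or from Splunk. The function names are hypothetical, and it assumes GNU tar, sha256sum, and a SHA-256 digest that the operator supplies.

```shell
#!/bin/sh
# Added example; verify_tarball and upgrade_instances are hypothetical helpers.

# verify_tarball TARBALL EXPECTED_SHA256
# Succeeds only if the digest matches and every member lives under splunk/.
verify_tarball() {
    tarball=$1 expected=$2
    actual=$(sha256sum "$tarball" | awk '{print $1}') || return 1
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2; return 1
    fi
    members=$(tar -tzf "$tarball") || return 1
    # Any member outside the splunk/ prefix would land in the wrong place
    # once the first path component is stripped.
    if printf '%s\n' "$members" | grep -Eqv '^splunk(/|$)'; then
        echo "member outside splunk/ prefix in $tarball" >&2; return 1
    fi
    # Refuse ".." path components outright.
    if printf '%s\n' "$members" | grep -Eq '(^|/)\.\.(/|$)'; then
        echo "member with .. component in $tarball" >&2; return 1
    fi
}

# upgrade_instances TARBALL EXPECTED_SHA256 DIR...
# Extracts the verified tarball into each instance directory, dropping the
# leading splunk/ component so files land directly in DIR.
upgrade_instances() {
    tarball=$1 expected=$2; shift 2
    verify_tarball "$tarball" "$expected" || return 1
    for home in "$@"; do
        if [ ! -d "$home" ]; then
            echo "$home is not a directory" >&2; return 1
        fi
        # Stop a running instance before its binaries are overwritten.
        if [ -x "$home/bin/splunk" ]; then
            "$home/bin/splunk" stop || return 1
        fi
        tar --strip-components 1 -xzf "$tarball" -C "$home" || return 1
        echo "upgraded $home"
    done
}

# Usage (paths from the thread, digest is a placeholder):
#   upgrade_instances splunk.tgz <expected-sha256> /opt/splunk1 /opt/splunk2
```

Files that exist only in the instance directory, such as local configuration, are left in place because tar only overwrites paths present in the archive.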