Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help with upgrading Splunk from version 6.4.3 to 6.5.2 in Linux.

ashrafshareeb
Path Finder
‎07-17-2019 02:16 AM

Hi All,

We are planning to upgrade Splunk from 6.4.3 to 6.5.2 before we upgrade to 7.2 or 7.3.

I can see the installation uses the symbolic link to the Splunk version, in our case it's Splunk 6.4.3 linked to rel

rel -> splunk-6.4.3

$SPLUNK_HOME is set to /app/splunk/rel, I believe I need to unlink the symbolic link before the upgrade and run the below command in /app and NOT in /app/splunk folder. Just not sure about this. Hopefully someone can shed some light here, please.

tar -xzf splunk-6.5.2-67571ef4b87d-Linux-x86_64.tgz -C /app

Please do let me know if this approach would work. Any help is much appreciated.

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vliggio
Communicator
‎07-17-2019 05:57 AM

The command you have will create /app/splunk. If that's your desired state, you'd be best off moving Splunk there first so you untar over the old files. You don't need to preserve the old version - it's best to just tar over the old files, and if you for some reason need to revert to the old version, just untar the old version on top.

I'd shut down splunk, do mv /app/splunk/splunk-6.4.3/* /app/splunk, and then clean up the old stuff with an rmdir /app/splunk/splunk-6.4.3 and rm /app/splunk/rel. Then do tar -zxf splunk-6.5.2-67571ef4b87d-Linux-x86_64.tgz -C /app, and you'll be all set (make sure to change the $SPLUNK_HOME variable in your splunk_launch.conf if it's hard-coded - usually you don't need to hard-code that since it's automatically the parent directory of the bin directory).

Splunk by default is installed in /opt/splunk if you use the RPM, so you might want to move things there (only because it may confuse people less when you ask questions on here).

After you've done your untar, run the splunk enable boot-start command, so it rewrites your /etc/init.d/splunk startup script, just in case that's hard-coded to the old /app/splunk/rel

Any reason why you're going to 6.5.2 instead of 6.6.12? If you're going to migrate to 7, best to be at the latest 6 before you do. I recommend 7.2.7 over 7.3.0 (just because 7.3.0 is just released, and unless you need the latest features, it's best to wait for that first dot release).

View solution in original post

Reply
Solved! Jump to solution
Solution

vliggio
Communicator
‎07-17-2019 05:57 AM

The command you have will create /app/splunk. If that's your desired state, you'd be best off moving Splunk there first so you untar over the old files. You don't need to preserve the old version - it's best to just tar over the old files, and if you for some reason need to revert to the old version, just untar the old version on top.

I'd shut down splunk, do mv /app/splunk/splunk-6.4.3/* /app/splunk, and then clean up the old stuff with an rmdir /app/splunk/splunk-6.4.3 and rm /app/splunk/rel. Then do tar -zxf splunk-6.5.2-67571ef4b87d-Linux-x86_64.tgz -C /app, and you'll be all set (make sure to change the $SPLUNK_HOME variable in your splunk_launch.conf if it's hard-coded - usually you don't need to hard-code that since it's automatically the parent directory of the bin directory).

Splunk by default is installed in /opt/splunk if you use the RPM, so you might want to move things there (only because it may confuse people less when you ask questions on here).

After you've done your untar, run the splunk enable boot-start command, so it rewrites your /etc/init.d/splunk startup script, just in case that's hard-coded to the old /app/splunk/rel

Any reason why you're going to 6.5.2 instead of 6.6.12? If you're going to migrate to 7, best to be at the latest 6 before you do. I recommend 7.2.7 over 7.3.0 (just because 7.3.0 is just released, and unless you need the latest features, it's best to wait for that first dot release).

Reply
Solved! Jump to solution

ashrafshareeb
Path Finder
‎07-24-2019 01:23 PM

thanks a lot @vliggio

0 Karma
Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎07-17-2019 06:55 AM

Great answer. I want to emphasize the point about upgrading to 6.6, not 6.5 so you're better suited for getting to 7.x. Also the point about the rpm or the tgz being flexible as to where they install. Tar uses the -C parameter and rpm uses the --prefix= parameter.

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...