Installation
Highlighted

Upgrade Splunk AWS-EC2

Path Finder

Hi Experts,

Please suggest installation guide for update Splunk env in standalone/ distributed env.
My current Splunk version is
Splunk 7.2.0 (build 801893c2efb4)
and I want to move Splunk 7.3.0

Should I need to take backup of all Splunk Apps and scripts file before upgrade.
Please also suggest what I need to take as a Backup and how much time this activity take time?
Please suggest any checklist that required.

Earlier I install Splunk using AWS marketplace in my EC2 instance, so now I need to download its RPM first ??

Labels (1)
Tags (2)
0 Karma
Highlighted

Re: Upgrade Splunk AWS-EC2

SplunkTrust
SplunkTrust

Upgrading Splunk on AWS is the same as upgrading on physical hardware. I recommend you upgrade using the .tar file rather than the rpm. Also, if you're going to 7.3.x, make it 7.3.3. See https://docs.splunk.com/Documentation/Splunk/7.3.3/Installation/HowtoupgradeSplunk for the upgrade steps.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma
Highlighted

Re: Upgrade Splunk AWS-EC2

Path Finder

Hi Expert
I Downloaded Splunk after that I run below commands,

$SPLUNKHOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86
64.tgz -C $SPLUNKHOME
$SPLUNK
HOME/bin/splunk start
$SPLUNKHOME/bin/splunk start --accept-license --answer-yes
$SPLUNK
HOME/bin/splunk --version

But the version remain same as earlier.

0 Karma
Highlighted

Re: Upgrade Splunk AWS-EC2

SplunkTrust
SplunkTrust

Check the $SPLUNKHOME directory and I believe you'll find you have an extra splunk directory. The tar command needs to be run in Splunk's parent directory rather the home directory. In your case, the command probably would be `tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x8664.tgz -C /opt`.

To fix the problem, delete the erroneous directory and retry the upgrade.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Highlighted

Re: Upgrade Splunk AWS-EC2

Path Finder

Thanks for advice,

yes in my /opt directory two Splunk child directory was present.
splunk
splunk7.3

Then I deleted splunk7.3 and again run

$SPLUNKHOME/bin/splunk stop
**tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86
64.tgz -C /opt**
$SPLUNKHOME/bin/splunk start --accept-license --answer-yes
$SPLUNK
HOME/bin/splunk --version

Now my current splunk version is
Splunk 8.0.1 (build 6db836e2fb9e)

0 Karma