Upgrade Splunk AWS-EC2

arun_kant_sharm
Path Finder

Hi Experts,

Please suggest an installation guide for updating a Splunk environment in a standalone/distributed environment.
My current Splunk version is
Splunk 7.2.0 (build 801893c2efb4)
and I want to move to Splunk 7.3.0.

Should I take a backup of all Splunk apps and script files before the upgrade?
Please also suggest what I need to back up and how much time this activity takes.
Please suggest any checklist that is required.

Earlier I installed Splunk using the AWS Marketplace on my EC2 instance, so do I now need to download its RPM first?


richgalloway
SplunkTrust

Upgrading Splunk on AWS is the same as upgrading on physical hardware. I recommend you upgrade using the .tar file rather than the rpm. Also, if you're going to 7.3.x, make it 7.3.3. See https://docs.splunk.com/Documentation/Splunk/7.3.3/Installation/HowtoupgradeSplunk for the upgrade steps.

---
If this reply helps you, Karma would be appreciated.


Sur0791
Loves-to-Learn

Hi, we are thinking of upgrading Splunk on AWS EC2 to version 8.x. When one of the instances is terminated, they auto spin up using an AMI, and we are thinking of the best way to upgrade Splunk on the. Is there any documentation that we could refer to?


arun_kant_sharm
Path Finder

Hi Expert,
I downloaded Splunk, and after that I ran the commands below:

$SPLUNK_HOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C $SPLUNK_HOME
$SPLUNK_HOME/bin/splunk start
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
$SPLUNK_HOME/bin/splunk --version

But the version remains the same as earlier.


richgalloway
SplunkTrust

Check the $SPLUNK_HOME directory and I believe you'll find you have an extra splunk directory. The tar command needs to be run in Splunk's parent directory rather than the home directory. In your case, the command probably would be tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C /opt.

To fix the problem, delete the erroneous directory and retry the upgrade.

---
If this reply helps you, Karma would be appreciated.

arun_kant_sharm
Path Finder

Thanks for the advice.

Yes, in my /opt directory two Splunk child directories were present:
splunk
splunk7.3

Then I deleted splunk7.3 and ran again:

$SPLUNK_HOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C /opt
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
$SPLUNK_HOME/bin/splunk --version

Now my current Splunk version is
Splunk 8.0.1 (build 6db836e2fb9e)
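
The extraction mistake diagnosed in this thread, as an added example that is not from the posters or from Splunk: shell functions that derive the correct `tar -C` target from `$SPLUNK_HOME`, refuse to proceed while a stray nested copy exists, and read the installed version from `etc/splunk.version`. The function names are hypothetical, and stopping and starting Splunk around the call is left to the operator, as in the commands above.

```sh
#!/bin/sh
# Added example (hypothetical helper names): guard a tarball upgrade against
# extracting into $SPLUNK_HOME instead of its parent directory.

# Directory to pass to `tar -C`: the parent of SPLUNK_HOME (e.g. /opt for /opt/splunk).
extract_target() { dirname "${1%/}"; }

# Unique top-level directory name(s) inside the tarball.
tarball_top_dir() {
    tar -tzf "$1" | sed 's|^\./||' | awk -F/ '$1 != "" {print $1}' | sort -u
}

# Succeeds only if the tarball unpacks into a single directory named like SPLUNK_HOME;
# otherwise the extraction would land beside the install instead of over it.
tarball_matches_home() {
    [ "$(tarball_top_dir "$1")" = "$(basename "${2%/}")" ]
}

# Prints the path of a stray nested install (e.g. /opt/splunk/splunk) left behind
# by `tar -C $SPLUNK_HOME`; returns non-zero when there is none.
nested_install() {
    stray="${1%/}/$(basename "${1%/}")"
    [ -f "$stray/etc/splunk.version" ] && printf '%s\n' "$stray"
}

# Reads VERSION= from etc/splunk.version, so no splunkd start is needed to check.
installed_version() {
    sed -n 's/^VERSION=//p' "${1%/}/etc/splunk.version"
}

# usage: upgrade_from_tarball <tarball> <SPLUNK_HOME>   (run with Splunk stopped)
# Prints the version found in SPLUNK_HOME after extraction.
upgrade_from_tarball() {
    tarball_matches_home "$1" "$2" || {
        echo "tarball top-level directory does not match $(basename "${2%/}")" >&2
        return 1
    }
    if nested_install "$2" >/dev/null; then
        echo "stray copy inside $2: delete it before retrying" >&2
        return 1
    fi
    tar -xzf "$1" -C "$(extract_target "$2")" || return 1
    installed_version "$2"
}
```
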
