Installation

Upgrade Splunk AWS-EC2

arun_kant_sharm
Path Finder

Hi Experts,

Please suggest installation guide for update Splunk env in standalone/ distributed env.
My current Splunk version is
Splunk 7.2.0 (build 801893c2efb4)
and I want to move Splunk 7.3.0

Should I need to take backup of all Splunk Apps and scripts file before upgrade.
Please also suggest what I need to take as a Backup and how much time this activity take time?
Please suggest any checklist that required.

Earlier I install Splunk using AWS marketplace in my EC2 instance, so now I need to download its RPM first ??

Labels (1)
Tags (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Upgrading Splunk on AWS is the same as upgrading on physical hardware. I recommend you upgrade using the .tar file rather than the rpm. Also, if you're going to 7.3.x, make it 7.3.3. See https://docs.splunk.com/Documentation/Splunk/7.3.3/Installation/HowtoupgradeSplunk for the upgrade steps.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Upgrading Splunk on AWS is the same as upgrading on physical hardware. I recommend you upgrade using the .tar file rather than the rpm. Also, if you're going to 7.3.x, make it 7.3.3. See https://docs.splunk.com/Documentation/Splunk/7.3.3/Installation/HowtoupgradeSplunk for the upgrade steps.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

Sur0791
New Member

Hi, We are thinking of upgrading splunk on aws EC2 to version 8.x.When one of the instances are terminated they auto spin up using AMI and we are thinking of best way to upgrade splunk on the. Is there any documentation that we could refer.

0 Karma

arun_kant_sharm
Path Finder

Hi Expert
I Downloaded Splunk after that I run below commands,

$SPLUNK_HOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C $SPLUNK_HOME
$SPLUNK_HOME/bin/splunk start
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
$SPLUNK_HOME/bin/splunk --version

But the version remain same as earlier.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Check the $SPLUNK_HOME directory and I believe you'll find you have an extra splunk directory. The tar command needs to be run in Splunk's parent directory rather the home directory. In your case, the command probably would be tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C /opt.

To fix the problem, delete the erroneous directory and retry the upgrade.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

arun_kant_sharm
Path Finder

Thanks for advice,

yes in my /opt directory two Splunk child directory was present.
splunk
splunk7.3

Then I deleted splunk7.3 and again run

$SPLUNK_HOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C /opt
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
$SPLUNK_HOME/bin/splunk --version

Now my current splunk version is
Splunk 8.0.1 (build 6db836e2fb9e)

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!