Upgrade Splunk AWS-EC2

arun_kant_sharm
Path Finder

Hi Experts,

Please suggest an installation guide for updating a Splunk environment in a standalone/distributed environment.
My current Splunk version is
Splunk 7.2.0 (build 801893c2efb4)
and I want to move to Splunk 7.3.0

Do I need to take a backup of all Splunk apps and script files before the upgrade?
Please also suggest what I need to back up and how much time this activity takes.
Please suggest any checklist that is required.

Earlier I installed Splunk using the AWS Marketplace on my EC2 instance, so do I now need to download its RPM first?

0 Karma

richgalloway
SplunkTrust

Upgrading Splunk on AWS is the same as upgrading on physical hardware. I recommend you upgrade using the .tar file rather than the rpm. Also, if you're going to 7.3.x, make it 7.3.3. See https://docs.splunk.com/Documentation/Splunk/7.3.3/Installation/HowtoupgradeSplunk for the upgrade steps.

---
If this reply helps you, Karma would be appreciated.

0 Karma

Sur0791
Loves-to-Learn

Hi, we are thinking of upgrading Splunk on AWS EC2 to version 8.x. When one of the instances is terminated, they auto spin up using an AMI, and we are thinking of the best way to upgrade Splunk on them. Is there any documentation that we could refer to?

0 Karma

arun_kant_sharm
Path Finder

Hi Expert,
I downloaded Splunk and after that I ran the commands below:

$SPLUNK_HOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C $SPLUNK_HOME
$SPLUNK_HOME/bin/splunk start
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
$SPLUNK_HOME/bin/splunk --version

But the version remains the same as earlier.

0 Karma

richgalloway
SplunkTrust

Check the $SPLUNK_HOME directory and I believe you'll find you have an extra splunk directory. The tar command needs to be run in Splunk's parent directory rather than the home directory. In your case, the command probably would be tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C /opt.

To fix the problem, delete the erroneous directory and retry the upgrade.

---
If this reply helps you, Karma would be appreciated.
0 Karma

arun_kant_sharm
Path Finder

Thanks for the advice,

Yes, in my /opt directory two Splunk child directories were present:
splunk
splunk7.3

Then I deleted splunk7.3 and ran again:

$SPLUNK_HOME/bin/splunk stop
tar -xzf /home/ec2-user/splunk-8.0.1-6db836e2fb9e-Linux-x86_64.tgz -C /opt
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
$SPLUNK_HOME/bin/splunk --version

Now my current Splunk version is
Splunk 8.0.1 (build 6db836e2fb9e)

0 Karma
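
The check behind the fix in this thread, as an added example that is not part of any post and is not Splunk's own tooling: it works out the directory to pass to tar -C (the parent of $SPLUNK_HOME) and detects the stray copy left by extracting into $SPLUNK_HOME itself. The helper names are hypothetical, and the sample archive is a constructed stand-in containing only splunk/bin/splunk.

```shell
#!/usr/bin/env bash
# Added example: helper names and the sample archive are constructed for illustration.

# Print the single top-level directory inside a tarball (Splunk's .tgz uses "splunk").
tar_top_dir() {
  local list tops
  list=$(tar -tzf "$1") || return 1
  tops=$(printf '%s\n' "$list" | cut -d/ -f1 | sort -u)
  [ "$(printf '%s\n' "$tops" | wc -l)" -eq 1 ] ||
    { echo "archive has several top-level entries" >&2; return 1; }
  printf '%s\n' "$tops"
}

# Print the directory to pass to `tar -C`: the PARENT of SPLUNK_HOME.
# Refuses when the archive's top directory differs from SPLUNK_HOME's name,
# because extraction would then create a second tree instead of overwriting.
extract_target() {
  local home=${1%/} top
  top=$(tar_top_dir "$2") || return 1
  if [ "$(basename "$home")" != "$top" ]; then
    echo "archive unpacks to '$top/', but SPLUNK_HOME is '$home'" >&2
    return 1
  fi
  dirname "$home"
}

# Print the stray copy left by extracting into SPLUNK_HOME itself, if present.
nested_install() {
  local home=${1%/} top
  top=$(tar_top_dir "$2") || return 1
  if [ -f "$home/$top/bin/splunk" ]; then printf '%s\n' "$home/$top"; else return 1; fi
}

# Build a constructed stand-in for the Splunk tarball: splunk/bin/splunk only.
make_sample_tgz() {
  mkdir -p "$1/src/splunk/bin" && : > "$1/src/splunk/bin/splunk" &&
    tar -czf "$1/sample.tgz" -C "$1/src" splunk
}

# Demo in a scratch directory, so nothing touches a real installation.
work=$(mktemp -d); make_sample_tgz "$work"; mkdir -p "$work/opt/splunk"
echo "correct: tar -xzf sample.tgz -C $(extract_target "$work/opt/splunk" "$work/sample.tgz")"
tar -xzf "$work/sample.tgz" -C "$work/opt/splunk"   # the mistake from the thread
echo "stray copy: $(nested_install "$work/opt/splunk" "$work/sample.tgz")"
rm -rf "$work"
```
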