Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Upgrade Splunk ESCU on Search head clsuter members

vikas_gopal
Builder
‎05-21-2024 11:59 AM

Hi Experts , 

Someone has installed ESCU app directly on the Search head members . Now I am upgrading this app to a newer release . 

Question :- Since this app was not installed from the deployer but I want to upgrade it via deployer what is the best practice and method to achieve this 

Here is my plan , please correct me if I am thinking wrong 

Step 1) First I will copy the installed folder from one of the SHC member to deployer under /etc/app so that it install itself on the deployer and then I can manually upgrade it using deployer GUI

Step2) Once upgraded , I will copy upgraded app from /etc/apps folder to /etc/shcluster/apps folder 

Step3) run apply shcluster-bundle on the deployer to push the upgraded app to SHC members .

Do you think above is the right approach ? if not what else I can do 

 

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎05-22-2024 12:20 AM

Hi @vikas_gopal ,

only one detail:

for my knowledge, the only app that requires to be installed on the SHC-Deployer is Splunk Enterprise Security,

all the other apps (so also ESCU) don't require to be installed in the SHC-Deployer, you can only copy and untar them in the $SPLUNK_HOME/etc/shcluster folder and then push them to the SHC memebers.

In genetal, avoid to install an app directly on a SH member.

Ciao.

Giuseppe

0 Karma
Reply

tej57
Builder
‎05-21-2024 11:47 PM

Hello @vikas_gopal,

Yes, the steps you have mentioned seems to be the appropriate to continue managing the app from SHC Deployer in future. 

Thanks,
Tejas. 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...