Installation

Upgrade from Splunk 7.3.1 to Splunk 8.1 is not working

rahulbhatia
Path Finder

Hi Team,

I am trying to upgrade Splunk from 7.3.1 to Splunk 8.1, using the following steps :-

Stoping Splunk on the server

tar -xzf ${SPLUNK_HOME}/splunk-8.1.5-9c0c082e4596-Linux-x86_64.tgz -C ${SPLUNK_HOME}/

${SPLUNK_HOME}/bin/splunk start --accept-license --answer-yes

When the splunk is getting started on this server its still showing splunk 7.3 version.

 

The python version on the linux machine is 2.7.5,  can you please confirm if that is the root cause for this behavior.

Thanks in advance !!

 

 

 

Labels (1)
0 Karma
1 Solution

anirbandasdeb
Path Finder

Hey Rahul, 

I guess you are untarring to a child directory.. 

Note the command for untarring (from https://docs.splunk.com/Documentation/Splunk/8.2.1/Installation/UpgradeonUNIX)

tar xzf splunk-8.2.0-12345678-Linux-x86_64.tgz -C /opt

In this case, the actual directory for $SPLUNK_HOME is /opt/splunk/ 

With your command, the Splunk 8.1 files were untarred to $SPLUNK_HOME/splunk

You can run ls -l to verify that.. 

 

TL;DR:

Untar to one dir level back from $SPLUNK_HOME

View solution in original post

0 Karma

anirbandasdeb
Path Finder

Hey Rahul, 

I guess you are untarring to a child directory.. 

Note the command for untarring (from https://docs.splunk.com/Documentation/Splunk/8.2.1/Installation/UpgradeonUNIX)

tar xzf splunk-8.2.0-12345678-Linux-x86_64.tgz -C /opt

In this case, the actual directory for $SPLUNK_HOME is /opt/splunk/ 

With your command, the Splunk 8.1 files were untarred to $SPLUNK_HOME/splunk

You can run ls -l to verify that.. 

 

TL;DR:

Untar to one dir level back from $SPLUNK_HOME

0 Karma

rahulbhatia
Path Finder

Thanks, yeah i was doing this mistake.

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@rahulbhatia 

Can you please check migration logs for ERROR?

$SPLUNK_HOME/var/log/migration.log.YYYY-mm-dd.HH-MM-SS 

You can also validate version using below search,

 

| rest /services/server/info | table splunk_server version

 

 

0 Karma

rahulbhatia
Path Finder

Hi Kamlesh,

 

i verified the migration logs, it didn't generated and the splunk version is still 7.3.1 

 

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

Is that any error during restarting Splunk? Can you please check it?

0 Karma

rahulbhatia
Path Finder

there is no such error or warning pointing to such issues.

The python version on that server is 2.7 can that be areason ?

 

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

No I don't think So. Splunk has it's own Python binaries/

isoutamo
SplunkTrust
SplunkTrust
Can you find the manifest file for 8.1.5 from $SPLUNK_HOME?
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...