Splunk Enterprise

Upgrade Splunk Enterprise from 9.0.0 to 9.0.7

AL3Z
Builder

Hi,

We need to upgrade our Splunk Enterprise from version 9.0.0 to 9.0.7 on the Deployment Server. Can someone please provide me with the steps required to perform this upgrade?

I also need guidance on what needs to be backed up before executing this upgrade. Additionally, could you provide an estimation of the time required to complete this upgrade process?

What about the time to complete this upgrade?

0 Karma

richgalloway
SplunkTrust

Splunk has documentation on this subject.  See https://docs.splunk.com/Documentation/Splunk/9.0.7/Installation/HowtoupgradeSplunk

---
If this reply helps you, Karma would be appreciated.
0 Karma

isoutamo
SplunkTrust
0 Karma

AL3Z
Builder

Can we install as root?

0 Karma

isoutamo
SplunkTrust

Yes, you should install it as the root user, but then you should chown it to splunk (or another non-root user). Then enable it to start as that user.

richgalloway
SplunkTrust

Yes, but it is not recommended.

---
If this reply helps you, Karma would be appreciated.
0 Karma

AL3Z
Builder

@richgalloway ,

What will happen? How do we install then?

0 Karma

richgalloway
SplunkTrust

Nothing will happen.  Splunk will run just fine when installed as root.  Doing so, however, is not a good security practice.  Everything Splunk does will be as root - including any unknown vulnerabilities.  User scripts will run as root, which means they have the potential to cause great harm to the system.

Install Splunk as a normal user.  User "splunk" is common.  If it's necessary to install using root (when using rpm files, for instance), then use the chown command to give ownership to 'splunk' afterwards.

---
If this reply helps you, Karma would be appreciated.
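
An added example (not part of the original thread) of checking that an install performed as root was handed over to a non-root account, as the replies above recommend. The path `/opt/splunk`, the account name `splunk`, and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: verify a Splunk install is owned by, and running as, a
# non-root service account after an install or upgrade performed as root.
# Assumptions: /opt/splunk and "splunk" are defaults chosen here; override
# them with SPLUNK_HOME / SPLUNK_USER.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
SPLUNK_USER="${SPLUNK_USER:-splunk}"

# count_foreign DIR USER -> prints the number of paths under DIR that are not
# owned by USER (a name or a numeric uid). Returns 2 if the name does not
# resolve, so a typo cannot masquerade as "0 problems".
count_foreign() {
    case "$2" in
        ''|*[!0-9]*) uid=$(id -u "$2" 2>/dev/null) || return 2 ;;
        *)           uid=$2 ;;
    esac
    find "$1" ! -user "$uid" -print | wc -l | tr -d ' '
}

# splunkd_owners -> prints the distinct accounts running splunkd, one per line.
splunkd_owners() {
    ps -e -o user= -o comm= | awk '$2 == "splunkd" { print $1 }' | sort -u
}

# audit_splunk -> returns 0 only if ownership is clean and splunkd is not root.
audit_splunk() {
    n=$(count_foreign "$SPLUNK_HOME" "$SPLUNK_USER") || {
        echo "account '$SPLUNK_USER' does not exist" >&2; return 2; }
    owners=$(splunkd_owners)
    echo "$n path(s) under $SPLUNK_HOME not owned by $SPLUNK_USER"
    echo "splunkd running as: ${owners:-(not running)}"
    # Fix for a non-zero count, per the replies above (run as root):
    #   chown -R "$SPLUNK_USER" "$SPLUNK_HOME"
    [ "$n" -eq 0 ] || return 1
    case "$owners" in *root*) return 1 ;; esac
    return 0
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_splunk; fi
```

Run it with `--audit` after the upgrade and again after the first restart; a non-zero exit means root-owned paths remain or splunkd is still running as root.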

AL3Z
Builder

@richgalloway ,

I'm aiming to upgrade my Splunk Enterprise on the deployment server, but I'm uncertain whether it's configured as standalone or distributed. How can we verify this and proceed with the upgrade accordingly? Additionally, does the upgrade process differ between standalone and distributed setups?

0 Karma

richgalloway
SplunkTrust

The process for upgrading standalone and distributed Splunk installations is the same.  For distributed environments, there is a prescribed upgrade order.  See https://docs.splunk.com/Documentation/Splunk/9.1.2/Installation/HowtoupgradeSplunk and https://docs.splunk.com/Documentation/Splunk/9.1.2/Installation/UpgradeyourdistributedSplunkEnterpri...

---
If this reply helps you, Karma would be appreciated.
0 Karma

AL3Z
Builder

@isoutamo @richgalloway ,

Unable to access the backend for Splunk through PuTTY; the network is not allowing me to connect. What could be the cause?

0 Karma

richgalloway
SplunkTrust

That should be a new question.

---
If this reply helps you, Karma would be appreciated.
0 Karma