Splunk Enterprise

What are the steps to upgrade Splunk Forwarder On Linux?

Roy_9
Motivator

Hello All,

Can someone help me with the steps to upgrade Splunk Universal Forwarder on Linux machines?

Appreciate your help.

 

Thanks,

Labels (3)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

It's very easy.

1) Stop the forwarder

2) Untar the new code.

tar -zxf splunk<<something>>.tgz -C /opt

If necessary, replace /opt with the location of the forwarder on your machines (omit the /SplunkForwarder part).

3) Start the forwarder

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

It's very easy.

1) Stop the forwarder

2) Untar the new code.

tar -zxf splunk<<something>>.tgz -C /opt

If necessary, replace /opt with the location of the forwarder on your machines (omit the /SplunkForwarder part).

3) Start the forwarder

---
If this reply helps you, Karma would be appreciated.

isoutamo
SplunkTrust
SplunkTrust

Hi

1st you should check if the original UF was installed from tar package as @richgalloway used here or was it installed via package manager (rpm or dep). If later, then you should use the same package manager command like yum/dnf on RedHat based distroes. If you mix those method that will hit you later on.

r. Ismo

Roy_9
Motivator

yes @isoutamo  it was already installed and just needed to upgrade since the UF's are running on very old versions. Do i need to follow the steps which @richgalloway proposed, will it override the previous installation?

0 Karma

isoutamo
SplunkTrust
SplunkTrust

If it is installed outside of packet manager then you should follow @richgalloway 's instructions, but if it was installed by packet manager like rpm then you should use that packet manager version. Used packet manager is dependent of Your linux version (Red-hot, Centos, Debian, Ubuntu etc.)

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...