Splunk SOAR
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk SOAR Upgrade Steps failure

saraomd93
Path Finder
‎12-16-2024 03:49 AM

Hello, I am going through the steps of updating Splunk SOAR Unpriv from the site documentation, but when I copy the new package to the Splunk-soar folder and want to start the phantom service, I encounter the error Phantom Startup failed: postgresql-11

Labels (1)
Labels
0 Karma
Reply

SOARt_of_Lost
Path Finder
‎12-17-2024 01:36 PM

Are you trying to install the most recent version of SOAR? If so, upgrade to postgresql 15 if you can. The documentation is unclear but that's essentially required for 6.3. We ran into trouble trying to upgrade with postgresql 12. I can only imagine 11 has problems as well.

Reply

victor_menezes
Communicator
‎12-17-2024 10:03 AM

Hi @saraomd93 ,

This is pretty generic and can be happening for many different reasons, so trying some:

- Maybe there is a PG instance that failed to halt and is still alive. Run a ps -ef | grep postgres and see if you get any process running. If so, kill the process

- Maybe there is a problem on the password set during the upgrade process. Review that against your current configuration and try again

- tail the <SOAR_DIR>/var/log/pgbouncer/pgbouncer.log for some hints about what is going wrong.

- tail the <SOAR_DIR>/data/db/pg_log/<todays_file>.log for some hints about what is going wrong.

- Check if you have enough space on disk on the partition where SOAR is installed (may look a bit dummy but I got surprised a few years back when my disk got full during the upgrade caused by DB backup that was done there).

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...