- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk SOAR Upgrade Steps failure
Hello, I am going through the steps of updating Splunk SOAR Unpriv from the site documentation, but when I copy the new package to the Splunk-soar folder and want to start the phantom service, I encounter the error Phantom Startup failed: postgresql-11
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you trying to install the most recent version of SOAR? If so, upgrade to postgresql 15 if you can. The documentation is unclear but that's essentially required for 6.3. We ran into trouble trying to upgrade with postgresql 12. I can only imagine 11 has problems as well.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @saraomd93 ,
This is pretty generic and can be happening for many different reasons, so trying some:
- Maybe there is a PG instance that failed to halt and is still alive. Run a ps -ef | grep postgres and see if you get any process running. If so, kill the process
- Maybe there is a problem on the password set during the upgrade process. Review that against your current configuration and try again
- tail the <SOAR_DIR>/var/log/pgbouncer/pgbouncer.log for some hints about what is going wrong.
- tail the <SOAR_DIR>/data/db/pg_log/<todays_file>.log for some hints about what is going wrong.
- Check if you have enough space on disk on the partition where SOAR is installed (may look a bit dummy but I got surprised a few years back when my disk got full during the upgrade caused by DB backup that was done there).
