Splunk SOAR
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk SOAR Upgrade Steps failure

saraomd93
Path Finder
‎12-16-2024 03:49 AM

Hello, I am going through the steps of updating Splunk SOAR Unpriv from the site documentation, but when I copy the new package to the Splunk-soar folder and want to start the phantom service, I encounter the error Phantom Startup failed: postgresql-11

Labels (1)
Labels
0 Karma
Reply

SOARt_of_Lost
Path Finder
‎12-17-2024 01:36 PM

Are you trying to install the most recent version of SOAR? If so, upgrade to postgresql 15 if you can. The documentation is unclear but that's essentially required for 6.3. We ran into trouble trying to upgrade with postgresql 12. I can only imagine 11 has problems as well.

Reply

victor_menezes
Communicator
‎12-17-2024 10:03 AM

Hi @saraomd93 ,

This is pretty generic and can be happening for many different reasons, so trying some:

- Maybe there is a PG instance that failed to halt and is still alive. Run a ps -ef | grep postgres and see if you get any process running. If so, kill the process

- Maybe there is a problem on the password set during the upgrade process. Review that against your current configuration and try again

- tail the <SOAR_DIR>/var/log/pgbouncer/pgbouncer.log for some hints about what is going wrong.

- tail the <SOAR_DIR>/data/db/pg_log/<todays_file>.log for some hints about what is going wrong.

- Check if you have enough space on disk on the partition where SOAR is installed (may look a bit dummy but I got surprised a few years back when my disk got full during the upgrade caused by DB backup that was done there).

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...