Splunk upgrade on AIX machine

dannyuk
New Member

Hi,

I'm fairly new to AIX and I have been tasked with upgrading our customer's version of Splunk from 9.0.1 to 9.4.1. The steps below are what I did, which seemed to work, and I now have version 9.4.1 on the system:

 

Implementation Plan:

Create a copy/backup of the splunkforwarder folder:

cp -r /opt/splunk/splunkforwarder /opt/splunk/splunkforwarder_backup_$(date +%F)

mkdir /tmp/splunk_temp

tar -xvf /nim/media/SOFTWARE/splunk/Splunk-9.4.1/splunkforwarder-9.4.1-2f7817798b5d-aix-powerpc.tar -C /tmp/splunk_temp

/opt/splunk/splunkforwarder/bin/splunk stop

/opt/splunk/splunkforwarder/bin/splunk status

rsync -av /tmp/splunk_temp/splunkforwarder/ /opt/splunk/splunkforwarder/

rm -rf /tmp/splunk_temp

chown -R 510:510 /opt/splunk/splunkforwarder
chown -R root:system /opt/splunk/splunkforwarder/var

/opt/splunk/splunkforwarder/bin/splunk status      <<<< This command will kick in the migration and upgrade to 9.4.1

/opt/splunk/splunkforwarder/bin/splunk start

/opt/splunk/splunkforwarder/bin/splunk status         <<<<< Shows splunk has been upgraded to 9.4.1

 

I've also read the "Install the universal forwarder on AIX" instructions, but just wanted to check if the way I've upgraded Splunk is actually going to work, even though it says it has been upgraded?

 

Thanks


livehybrid
Champion

Hi @dannyuk 

Yes, the steps you followed, using rsync to overlay the new version's files onto the existing installation directory after stopping the service, are a valid method for upgrading a Splunk Universal Forwarder installed from a .tar file on AIX.

The key steps are stopping the forwarder, replacing the binaries and default files with the new version's files, and then restarting it. When Splunk starts after the file replacement, it detects the version change and runs any necessary migration scripts.

While running splunk status might have initiated the migration check, the standard command to ensure the migration proceeds and licenses are accepted is: /opt/splunk/splunkforwarder/bin/splunk start --accept-license --answer-yes, so you may wish to pass these flags to the status script to prevent being prompted to scroll through the agreement and accept.

It's always a good idea to check the splunkd.log file after an upgrade for any errors or warnings that might have occurred during the migration process: $SPLUNK_HOME/var/log/splunk/splunkd.log

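The splunkd.log check suggested in the answer above, as an added example that is not part of the thread: it counts WARN/ERROR/FATAL lines per component, ignoring anything written before the forwarder was stopped for the upgrade. The function names and sample log lines are constructed, and the field layout (MM-DD-YYYY HH:MM:SS.mmm, offset, level, component) is an assumption about the usual splunkd.log format.

```shell
#!/bin/sh
# post_upgrade_issues LOGFILE SINCE
#   LOGFILE: path to splunkd.log, or "-" to read standard input
#   SINCE:   "YYYY-MM-DD HH:MM:SS" in the log's local time (when `splunk stop` was run)
# Prints "LEVEL COMPONENT COUNT" for WARN/ERROR/FATAL lines at or after SINCE.
post_upgrade_issues() {
    awk -v since="$2" '
        BEGIN { gsub(/[^0-9]/, "", since) }    # "2025-04-10 09:30:00" -> 20250410093000
        $1 !~ /^[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]$/ { next }  # continuation line
        {
            split($1, d, "-")                  # assumed layout: MM-DD-YYYY
            t = substr($2, 1, 8); gsub(/:/, "", t)
            stamp = d[3] d[1] d[2] t           # YYYYMMDDHHMMSS
            if (stamp + 0 < since + 0) next    # written before the upgrade
            if ($4 == "WARN" || $4 == "ERROR" || $4 == "FATAL") n[$4 " " $5]++
        }
        END { for (k in n) print k, n[k] }
    ' "$1" | sort
}

# Succeeds only when no ERROR or FATAL line was logged at or after SINCE.
upgrade_log_clean() {
    ! post_upgrade_issues "$1" "$2" | grep -Eq '^(ERROR|FATAL) '
}

# Constructed sample lines (not real forwarder output) so the example runs offline.
sample_log() {
cat <<'EOF'
04-10-2025 09:12:44.101 +0100 WARN  TcpOutputProc [4021 parsing] - constructed: pre-upgrade warning
04-10-2025 09:31:02.517 +0100 INFO  loader [5120 MainThread] - constructed: forwarder starting
04-10-2025 09:31:03.220 +0100 WARN  TcpOutputProc [5133 parsing] - constructed: indexer not reachable
04-10-2025 09:31:03.221 +0100 WARN  TcpOutputProc [5133 parsing] - constructed: indexer not reachable
04-10-2025 09:31:05.900 +0100 ERROR TailReader [5140 tailreader0] - constructed: cannot read file
    constructed continuation line without a timestamp
EOF
}

# Demo on the sample; on a real host pass the log path instead of "-", e.g.
#   post_upgrade_issues /opt/splunk/splunkforwarder/var/log/splunk/splunkd.log "2025-04-10 09:30:00"
sample_log | post_upgrade_issues - "2025-04-10 09:30:00"
```
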

isoutamo
SplunkTrust
One additional comment. You don't need to extract a new version into a temp folder. You can/should extract it directly into the current forwarder folder.

If I recall correctly, there is no need to update AIX's subsystem with the new binary? It should work with the current settings and start the UF after a restart. If not, then check the correct steps in the installation/admin manual.