Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Universal Forwarder Version Update

Chirag812
Explorer
‎01-07-2025 04:20 AM

I need to upgrade the Splunk Universal forwarder version to all the existing installed windows 2016 and 2019 servers. I am using Splunk Enterprise as a Search head and indexer.

Is there a way that I can upgrade the old version with the latest without uninstalling the old and install the new one. And how this task can be done for all the servers together instead of one by one.

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-07-2025 04:45 AM

Hi @Chirag812 ,

at first you don't need to uninstall the old version,

and anyway you can follow the instructions at https://docs.splunk.com/Documentation/Forwarder/9.4.0/Forwarder/Upgradetheuniversalforwarder , you can upgrade your UFs using a deployment tool such as Group Policy or System Center Configuration Manager.

Officially Splunk don't  support UF binary upgrade via DS., fortunately this feature seems to be in development phase https://ideas.splunk.com/ideas/EID-I-70.

you can use two apps from Splunkbase:

the only limitation is that they are archived. 

Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-08-2025 01:14 AM

Hi

Basically you shouldn't uninstall previous versions when you are upgrading. If you uninstall it first then you are losing also fishbucket db which keep track ingested events. Basically that means reinvesting all files etc.

When you are updating UF version you should follow the same version path as defined for full enterprise. And remember to restart after every version update as otherwise e.g. DB conversions hasn't done.

As @gcusello said there is a new feature which allow update those UF binaries. Currently it's a beta or restricted to some customers. You could see more from voc.splunk.com.

If you have some other system management tools, then you can use those to update binaries, but again you must add needed steps to those workflows.

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

The Splunk Community is a powerful network of users, educators, and organizations working together to tackle ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...