Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Question about uninstall/reinstall of UF

jeffbat
Path Finder
‎08-24-2020 10:14 AM

This is on a Windows Server.

If we do an uninstall of the UF on the server and then reinstall a newer UF version on the server, when it gets its apps pushed back down to it from the deployment server; will it reread all of the logs that it might have already processed before?

Things like the Windows Eventlogs System/Security/Application logs?

I am working with one of our teams that is building out a method of request for getting agents onto a new server and then pushing out the inputs it will collect.  One of the steps utilized from other agents (different tools) that this process would emulate is for when a new request to make a change to an existing server would be to uninstall an existing agent and then install the latest version we have in our build process.

I am worried that if this is done then it would go back and reread all of the log events in any logs that the server would have setup for reading.

I have currently had them not do this process for Splunk UF and am looking to have them just do a check on the currently installed Splunk version and only run an upgrade if needed (not uninstall/reinstall).

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-24-2020 10:44 AM
It depends on how the UF is uninstalled. If the fishbucket is deleted then the new installation will not know where the old UF left off and will re-read data.
I prefer to install new versions on top of the old version.
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎08-24-2020 10:44 AM
It depends on how the UF is uninstalled. If the fishbucket is deleted then the new installation will not know where the old UF left off and will re-read data.
I prefer to install new versions on top of the old version.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jeffbat
Path Finder
‎08-25-2020 09:10 AM

Thanks.

That was what I was thinking.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...