Scribd
Upload
104 views6 pages

How To Upgrade Splunk Universal Forwarder Version From 8 2 X To

The document provides steps to upgrade a Splunk Universal Forwarder from version 8.2.x to 8.2.5 in under 10 minutes. It involves stopping the existing forwarder, backing up files, downloading the new package, extracting it to overwrite files, and restarting the upgraded forwarder. The upgrade process automatically updates configuration files and renames deprecated ones.

Uploaded by

Gopinath S
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
104 views6 pages

How To Upgrade Splunk Universal Forwarder Version From 8 2 X To

The document provides steps to upgrade a Splunk Universal Forwarder from version 8.2.x to 8.2.5 in under 10 minutes. It involves stopping the existing forwarder, backing up files, downloading the new package, extracting it to overwrite files, and restarting the upgraded forwarder. The upgrade process automatically updates configuration files and renames deprecated ones.

Uploaded by

Gopinath S
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

How to

Upgrade
Splunk
Universal
Forwarder
under 10 mins
(From 8.2.x to version 8.2.5)
How to Create Indexer Cluster in Splunk under 10 mins Splunk Mania

Contents
Prerequisites ..............................................................................................................3
Step-1: Stop the Splunk Universal Forwarder ..............................................................3
Step-2: Take a backup of the files ...............................................................................3
Step-3: Download latest Splunk Universal Forwarder package....................................4
Step-4: Extract the package ........................................................................................4
Step-5: Start the Splunk Universal Forwarder .............................................................4
References ..................................................................................................................6
Contact: ......................................................................................................................6

@splunkmania #splunkmania
2
How to Create Indexer Cluster in Splunk under 10 mins Splunk Mania

Prerequisites
• SSH Access (Backend Access) to Universal Forwarder instance.
• All nodes must be connected over a network.
• Get the IP Address (or) Host Name (or) FQDN for Universal Forwarder instance
• Get the wget link from Splunk.com website

Note: Splunk Universal Forwarder does not provide a means of downgrading to previous
versions. If you need to revert to an older Splunk release, uninstall the upgraded version
and reinstall the version you want.
This Document provides steps to upgrade Splunk Universal Forwarder from the version
8.2.x to 8.2.5 in Linux OS.

Step-1: Stop the Splunk Universal


Forwarder
• SSH to the backend of Splunk Universal Forwarder instance.
• Stop the Splunk Universal Forwarder using below command.

$SPLUNK_HOME/bin/splunk stop

• e.g:

/opt/splunkforwarder/bin/splunk stop

Step-2: Take a backup of the files


Take the backup of the fishbucket directory and the Splunk Universal Forwarder
configurations directory
• e.g., fishbucket directory

$SPLUNK_HOME/var/lib/splunk/fishbucket
(or)
/opt/splunkforwarder/var/lib/splunk/fishbucket

@splunkmania #splunkmania
3
How to Create Indexer Cluster in Splunk under 10 mins Splunk Mania

• e.g., Splunk Universal Forwarder configurations directory

$SPLUNK_HOME/etc/
(or)
/opt/splunkforwarder/etc/

Step-3: Download latest Splunk Universal


Forwarder package
• Switch to home location of Splunk user (you can go to any location as you like)

cd /home/splunk

• Execute below CLI command (wget command) to download Splunk Universal


Forwarder 8.2.5 package

wget -O splunkforwarder-8.2.5-77015bc7a462-Linux-x86_64.tgz "https://download.splun


k.com/products/universalforwarder/releases/8.2.5/linux/splunkforwarder-8.2.5-77015b
c7a462-Linux-x86_64.tgz"

Step-4: Extract the package


• Extract the tar package into the same directory with the same ownership as your
existing Splunk Universal Forwarder instance. This overwrites and replaces the
default files, but does not remove unique files or file paths.

tar xzf splunkforwarder-8.2.5-77015bc7a462-Linux-x86_64.tgz -C /opt

Step-5: Start the Splunk Universal Forwarder


• Start the Splunk Universal Forwarder services by running below command

$SPLUNK_HOME/bin/splunk start
(or)
/opt/splunkforwarder/bin/splunk start

@splunkmania #splunkmania
4
How to Create Indexer Cluster in Splunk under 10 mins Splunk Mania

• Splunk Universal Forwarder displays the following output.


This appears to be an upgrade of Splunk.
--------------------------------------------------------------------------------
Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk's installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a. deprecated extension.
You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:
If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose 'y'.
If you want to see what changes will be made before you proceed with the
upgrade, choose 'n'.
Perform migration and upgrade without previewing configuration changes? [y/n]

• (Optional) Choose whether or not you want to run the migration preview script
to see proposed changes to your existing configuration files, or proceed with the
migration and upgrade now. If you choose to view the expected changes, the
script provides a list but does not start any services.

• After you review the migration changes and are ready to proceed with migration
and upgrade, start the Splunk Universal Forwarder services again

• Check the Splunk version using below command

$SPLUNK_HOME/bin/splunk -version
(or)
/opt/splunkforwarder/bin/splunk -version

That’s it… Splunk Universal Forwarder is successfully upgraded to version 8.2.5…!!

Happy Splunking…!!

Any help/support required on the Splunk Upgrade, please contact Splunk Mania Team
using any one of the methods mentioned in next page of this document.
@splunkmania #splunkmania
5
How to Create Indexer Cluster in Splunk under 10 mins Splunk Mania

References
https://docs.splunk.com/Documentation/Splunk/8.2.5/Installation/UpgradeonUNIX

Contact:
WhatsApp : +919345372209
Email : [email protected]
LinkedIn : https://www.linkedin.com/company/splunk-mania
Facebook : https://www.facebook.com/SplunkMania
Instagram : https://www.instagram.com/splunkmania/
Slack : https://splunkmania.slack.com/
YouTube : https://www.youtube.com/channel/UCknGfjgEIGCzb8CE6e3X_3A
Website : https://splunkmania.wixsite.com/splunkmania

@splunkmania #splunkmania
6

You might also like