![]() ![]() See Prepare your Splunk Phantom deployment for upgrade. Prepare your Splunk Phantom deployment for upgrade If needed, add a local yum repository or create a satellite server for yum updates.Make sure the Splunk Phantom instance or cluster nodes have enough available space.See Prerequisites for upgrading Splunk Phantom. See Backup or restore your Splunk Phantom instance in Administer Splunk Phantom.įor single instance deployments running as a virtual machine, you can create a snapshot of the virtual machine instead. Make a full backup of your Splunk Phantom deployment before upgrading. Make a full back up of your Splunk Phantom deployment Upgrade checklistįollow these steps to prepare for and then perform an upgrade of Splunk Phantom. For example, to upgrade Splunk Phantom from version 4.9 to version 5.0.1, you must upgrade to version 4.10.7 before upgrading to version 5.0.1. See the following table for latest build numbers.ĭo not skip any required versions when upgrading Splunk Phantom. 4.10.any version -> 4.10.any later version (no going backward).The current upgrade path can go as follows: This means, for example, that you need to upgrade from the latest version of 4.8.x to the latest version of 4.9.x to the latest version of 4.10.x to the latest version of 5.0.x. Requires incremental upgrades from earlier versions. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.Splunk Phantom upgrade overview and prerequisites Use the search head cluster deployer to distribute the add-on across search head cluster members. Use the table to check the compatibility of the Splunk Phantom App for Splunk with Splunk Enterprise distributed deployment features. The add-on does not contain inputs for forwarder data collection. The add-on provides an nf file to create the phantom_modalert index. ![]() Use the table to determine where to install the Splunk Phantom App for Splunk in a distributed Splunk Enterprise deployment. Where to install the app in a distributed deployment Use the tables below to determine where and how to install the Splunk Phantom App for Splunk in a distributed Splunk Enterprise deployment. Install the Splunk Phantom App for Splunk in a distributed Splunk Enterprise environment Restart Splunk Enterprise for the changes to take effect.Edit the $SPLUNK_HOME/etc/system/local/nf file.See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.Īuthorize the Splunk Phantom App for Splunk in the Splunk cluster captain node's nf file so that configuration changes made to the Splunk Phantom App for Splunk can be replicated within the search head cluster. Use a deployer to install the Splunk Phantom App for Splunk in a search head cluster environment. Install the Splunk Phantom App for Splunk in a search head cluster You can also search for and download the Splunk Phantom App for Splunk within Splunk Enterprise. Confirm that you want to restart Splunk Enterprise to complete the installation.Upload the Splunk Phantom App for Splunk file you downloaded earlier in this procedure.In the apps panel, click the gear icon.Log into your Splunk platform instance.Download Splunk Phantom App for Splunk from Splunkbase.To install the Splunk Phantom App for Splunk on a single search head, follow these steps: Install the Splunk Phantom App for Splunk on a single search head Install the Splunk Phantom App for Splunk on a single search head, search head cluster environment, or distributed Splunk Enterprise deployment. Install the Splunk Phantom App for Splunk on Splunk Enterprise ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |