New AMI and OVA installations run Splunk Phantom as the user account phantom rather than as root. In Splunk Phantom 4.10 and for future releases, the AMI and OVA versions of Splunk Phantom are unprivileged. Migrate a privileged deployment to an unprivileged deployment See the Red Hat Knowledgebase article How can we regularly update a disconnected system (A system without internet connection)?īefore you upgrade Splunk Phantom, you will need to prepare your instance or your cluster nodes by updating the operating system, installed packages, and adding the Splunk Phantom repositories and their signing keys. If your Splunk Phantom deployment has no access or restricted access to the internet, you must either create a satellite server or local YUM repository for operating system packages and other dependencies. A minimum of 5GB of space available in the /tmp directory on the Splunk Phantom instance or cluster node.įor deployments with restricted internet access, add local yum repositories for upgrade.If your Splunk Phantom deployment has restricted internet access, you will need a local yum repository or a satellite server from which to get yum packages.Your Splunk Phantom Community portal login.For new AMI or OVA versions of Splunk Phantom 4.10, the user account is phantom. For unprivileged deployments, you also need the login credentials for the user account that runs Splunk Phantom.For privileged deployments, user accounts on the operating system for your Splunk Phantom instance or cluster nodes with sudo or root access on those systems.You need the following information before beginning your upgrade: Prerequisites for upgrading Splunk Phantom For clustered deployments, after the preparation stages are complete, upgrading your Splunk Phantom cluster is done in a rolling fashion, one node at a time. See Prepare Splunk Phantom for a backup in Back up a Splunk Phantom deployment in Administer Splunk Phantom.Īfter all the preparation stages are complete, you can upgrade your Splunk Phantom instance or cluster. Install the Splunk Phantom repositories and signing keysĬonditional Rerun the setup command for ibackup.Update the operating system and installed software packages.See Prepare your Splunk Phantom deployment for upgrade. Prepare your Splunk Phantom deployment for upgrade If needed, add a local yum repository or create a satellite server for yum updates.Make sure the Splunk Phantom instance or cluster nodes have enough available space.See Prerequisites for upgrading Splunk Phantom. See Backup or restore your Splunk Phantom instance in Administer Splunk Phantom.įor single instance deployments running as a virtual machine, you can create a snapshot of the virtual machine instead. Make a full backup of your Splunk Phantom deployment before upgrading. Make a full back up of your Splunk Phantom deployment Upgrade checklistįollow these steps to prepare for and then perform an upgrade of Splunk Phantom. For example, to upgrade Splunk Phantom from version 4.9 to version 5.0.1, you must upgrade to version 4.10.7 before upgrading to version 5.0.1. See the following table for latest build numbers.ĭo not skip any required versions when upgrading Splunk Phantom. 4.10.any version -> 4.10.any later version (no going backward).The current upgrade path can go as follows: This means, for example, that you need to upgrade from the latest version of 4.8.x to the latest version of 4.9.x to the latest version of 4.10.x to the latest version of 5.0.x. Requires incremental upgrades from earlier versions. Splunk Phantom upgrade overview and prerequisites
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |