This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4
If you are upgrading from a Splunk version in the range of 3.0.x through 3.1.x to any version in the range 3.1.x through 3.1.3, you must back up your $SPLUNK_HOME/etc/* directories manually. These instructions explain how to do this.
Note: By convention, this document uses $SPLUNK_HOME to refer to the location of your Splunk install.
/etc directories:
cp -a $SPLUNK_HOME/etc/ $SPLUNK_HOME/etc.bak
rpm -U on the Splunk rpm or pkg file.
/etc directories and files. Copy the following directories and files as indicated:
$SPLUNK_HOME/etc.bak/auth/* to $SPLUNK_HOME/etc/auth/
$SPLUNK_HOME/etc.bak/passwd to $SPLUNK_HOME/etc/
$SPLUNK_HOME/etc.bak/bundles/local/* to $SPLUNK_HOME/etc/local/
$SPLUNK_HOME/etc.bak/splunk.license to $SPLUNK_HOME/etc/splunk.license
$SPLUNK_HOME/etc.bak/bundles/<your bundles>/ to $SPLUNK_HOME/etc/
IMPORTANT: Copy these files and directories individually. Do not copy the entire $SPLUNK_HOME/etc.bak directory back to /etc. If you do so, the version number and other information will be incorrect.
Contact support with any questions.
For tar upgrades, it's not necessary to restore your configuration as with rpm/pkg/deb. However, Splunk recommends that you back up your /etc directories.
1. Create a back up of your /etc directories.
cp -a $SPLUNK_HOME/etc/ $SPLUNK_HOME/etc.bak
2. In the $SPLUNK_HOME directory, upgrade Splunk using tar to unpack the file.