• Read This First
  • Before you install
    • System Requirements
    • Installing as root
  • What Gets Installed
• Step by Step Installation
  • Step 1: Unpack the software
    • Tarball
    • RPM
    • deb
    • FreeBSD
    • Mac OS
    • Solaris
  • Step 2: Start Splunk
  • Step 3: Install your license
    • Using SplunkWeb
    • From the command line
• Install Splunk Toolbar
  • How to Install the Splunk toolbar for Firefox
    • Install from download page
    • Install from Splunk server
    • Uninstall Splunk toolbar
  • How to install the Splunk toolbar for Internet Explorer (beta)
    • Install Internet Explorer toolbar from download page
    • Install toolbar in Internet Explorer
    • Uninstall Internet Explorer toolbar
• Advanced Installation Topics
  • Automated installation
  • Configure Splunk to Start at System Startup
  • Run Splunk as a non-root user
    • Start Splunk as a non-root user
  • License Management
    • Installing or updating a license
  • Uninstall Splunk
    • RedHat Linux
    • Debian Linux
    • Solaris
    • FreeBSD
    • Manual uninstall
• Upgrade Instructions
  • Read this first before upgrading to 3.0.x
    • All bundles, all the time
    • Terminology changes
    • Event typer changes
    • What will be preserved on upgrade
    • Deployment server
    • License changes
  • Upgrading 2.1.x or 2.2.x to 3.0.x
    • Step 1: Administrative preparation
    • Step 2: Install the 3.0.x package and update your database
    • Step 3: Update and restore your configuration files
  • Upgrading to a later 3.0.x maintenance release
    • For rpm, pkg, and deb upgrades
    • For tar upgrades
• Help
  • Getting Help
    • Accessing help in SplunkWeb
    • Accessing help in the command line (CLI)
    • How can I learn more about Splunk's advanced features?
    • I lost my Splunk.com password. What do I do?
    • How do I report problems?
    • How can I make suggestions?
    • I have some questions that aren't answered here. Where can I get help?
  • Installer options
• Reference
  • File Manifest
  • PGP Public Key
    • Installing the key

Upgrading to a later 3.0.x maintenance release

These instructions apply when you update from any 3.0+ release to any 3.0.1 or higher release.

Depending on your installation method, you may have to perform one step to successfully upgrade from Splunk 3.0 to 3.0.1.

For rpm, pkg, and deb upgrades

If you rpm -u or use other native package upgrade options, your $SPLUNK_HOME/etc directory will be moved to etc.bak and replaced with the shipping etc. As a result you will not see your license file, users, inputs, etc.

1. Create a backup of your /etc directories:
   • cp -a $SPLUNK_HOME/etc/ $SPLUNK_HOME/etc.bak
2. Upgrade Splunk using rpm -U on the Splunk rpm or pkg file.
3. Restore your configuration to the upgraded installation by copying your backed up /etc directories and files. Copy the following directories and files as indicated:
   • $SPLUNK_HOME/etc.bak/auth/* to $SPLUNK_HOME/etc/auth/
   • $SPLUNK_HOME/etc.bak/passwd to $SPLUNK_HOME/etc/
   • $SPLUNK_HOME/etc.bak/bundles/local/* to $SPLUNK_HOME/etc/bundles/local/
   • $SPLUNK_HOME/etc.bak/splunk.license to $SPLUNK_HOME/etc/splunk.license
   • For any bundles directories you have created in your existing installation, copy:
     • $SPLUNK_HOME/etc.bak/bundles/<your bundles>/ to $SPLUNK_HOME/etc/bundles/

IMPORTANT: Copy these files and directories individually. Do not copy the entire $SPLUNK_HOME/etc.bak directory back to /etc. If you do so, the version number and other information will be incorrect.

Contact support with any questions.

For tar upgrades

For tar upgrades, it's not necessary to restore your configuration as with rpm/pkg/deb. However, Splunk recommends that you back up your /etc directories.

1. Create a back up of your etc directories.
   • cp -a $SPLUNK_HOME/etc/ $SPLUNK_HOME/etc.bak
2. Upgrade Splunk using tar on the Splunk tar file.