Documentation: 3.3.3
This page last updated: 11/18/08 01:11pm

Upgrade Splunk on Windows

Important: Before you upgrade:

  • Review these migration considerations.
  • Back up your files.
  • Stop Splunk either using the Windows Start menu option or by executing the $SPLUNK_HOME/bin/splunk stop command.
  • Be aware that you cannot change the user Splunk runs as during an upgrade. Do not change the user from the Windows Service Control panel; Splunk will stop working. If you must change the user, you must uninstall and reinstall Splunk.

1. Download the new MSI file from the Splunk download page.

2. Double-click the MSI file.
The Welcome panel is displayed. Follow the onscreen instructions to upgrade Splunk.
For information about each panel, refer to the installation instructions.
When you reach the Install step, you have the option to preview changes that will be made for this upgrade.

3. Preview your upgrade and migration if desired.

When you upgrade, your configuration files are updated and changed to support the new functionality. You can run the migration preview utility to see what will be changed before you actually upgrade and migrate. When you do this, a file containing the changes that the script proposes to make is written to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>

The following text is displayed:

This appears to be an upgrade of Splunk.

--------------------------------------------------------------------------------

Splunk has detected an older version of Splunk installed on this machine. To
finish upgrading to the new version, Splunk's installer will automatically
update and alter your current configuration files. Deprecated configuration
files will be renamed with a .deprecated extension.

You can choose to preview the changes that will be made to your configuration
files before proceeding with the migration and upgrade:

If you want to migrate and upgrade without previewing the changes that will be
made to your existing configuration files, choose 'y'.
If you want to see what changes will be made before you proceed with the
upgrade, choose 'n'.

Perform migration and upgrade without previewing configuration changes? [y/n]

Note for upgrading to 3.3.2 and later: If you have made manual changes to the $SPLUNK_HOME/etc/system/local/inputs.conf file, make a backup copy of this file to compare the full migration changes, including any changes to Windows-specific type data inputs, after the process is complete. Some global settings (like "host = foohost") may not be preserved. See the known issues for version 3.3.2 for details.

4. You're given the choice of running the migration preview script to see what changes will be made to your existing configuration files, or proceeding with the migration and upgrade right away.

5. If you choose to view the expected changes (select N), the script provides a list.
You can scroll up to review the changes or look at them in $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>. At the end of the list, you will see an error message, which you can ignore.
6. Press Enter to return to step 3 and finish your upgrade by typing Y.
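
The note above recommends keeping a backup of inputs.conf so you can compare it with the migrated file. The following is an added example, not part of the Splunk documentation or tooling, that reports which settings were removed, added or changed between the two copies. The sample file contents and the stanza name constructed-windows-input are constructed, and the script assumes global settings sit above the first stanza header or under [default].

```python
import re

STANZA = re.compile(r"^\[(.*)\]\s*$")

# Constructed sample contents; in practice read the backup copy and the
# migrated $SPLUNK_HOME/etc/system/local/inputs.conf from disk instead.
BEFORE = r"""host = foohost

[monitor://C:\logs\app]
sourcetype = app_log
"""
AFTER = r"""[monitor://C:\logs\app]
sourcetype = app_log

[constructed-windows-input]
disabled = 0
"""

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}; settings before the
    first stanza header are filed under 'default' (assumption, see lead-in)."""
    conf, stanza = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        header = STANZA.match(line)
        if header:
            stanza = header.group(1)
            conf.setdefault(stanza, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(stanza, {})[key.strip()] = value.strip()
    return conf

def diff_conf(before, after):
    """Return (change, stanza, key, old, new) for every setting that differs."""
    changes = []
    for stanza in sorted(set(before) | set(after)):
        old, new = before.get(stanza, {}), after.get(stanza, {})
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                kind = ("removed" if key not in new
                        else "added" if key not in old else "changed")
                changes.append((kind, stanza, key, old.get(key), new.get(key)))
    return changes

if __name__ == "__main__":
    for change in diff_conf(parse_conf(BEFORE), parse_conf(AFTER)):
        print(change)
```

A "removed" entry under the default stanza, such as the host setting in the sample, is the kind of lost global setting the note describes and should be restored by hand after the upgrade.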

Start Splunk

On Windows, Splunk is installed by default into \Program Files\Splunk

You can start and stop the following Splunk processes via the Windows Services Manager:

  • Server daemon: splunkd
  • Web interface: splunkweb

You can also start, stop, and restart both processes at once by going to \Program Files\Splunk\bin and typing

#  splunk.exe [start|stop|restart]

Note: If you do not select Start Splunk Services now, they will be set to manual startup and therefore will not start after a reboot. You must start them from the Windows Service Manager MMC, and optionally configure auto-start if you want them to start automatically at boot time.

Important: After upgrading, Splunk may start reading some files incorrectly as binaries. You can override this behavior in props.conf by adding NO_BINARY_CHECK = true to the source or sourcetype stanza.

Comments

  1. I just downloaded the updated version 3.3.4.43000 and when running the install it does not report it as being an upgrade. I am currently running 3.3.2.41320.

  2. djz: Apologies for the delayed response. If you haven't already, I recommend that you email support@splunk.com with more details. After they help you resolve this issue, we can document it. Thank you.

  3. My installation is not detecting that it is an upgrade. This manual page does not mention what to do in that case.
