If you do not run the setup procedure promptly after the file upload completes, Enterprise Security displays errors.
Use the following curl command to upgrade Splunk Enterprise Security.
curl -k -u admin:password -d filename="true" -d name="" -d update="true" -v
On the search head, use the following command to start the installation process from the server command line.
Upgrade Splunk Enterprise Security using the CLI
When prompted, configure Splunk Enterprise Security.
Click Upload to begin the installation.
Click Upgrade app to overwrite the existing Splunk Enterprise Security installation.
Click Choose File and select the Splunk Enterprise Security product file.
Select the Splunk Enterprise Security product file.
Upgrade Splunk Enterprise Security using the UI
On the Splunk Enterprise search page, select Apps > Manage Apps and choose Install App from File.
To restart Splunk from the Splunk toolbar, select Settings > Server controls and click Restart Splunk.
Increase the Splunk Web upload limit to 1 GB by creating a file called $SPLUNK_HOME/etc/system/local/web.conf with the following stanza.
For more information on installing Splunk Enterprise Security, see Install Splunk Enterprise Security.
The installer is also bigger than the default upload limit for Splunk Web.
The installer dynamically detects if you're installing in a single search head environment or search head cluster environment.
Install the latest Splunk Enterprise Security
Log in to the Enterprise Security search head as an administrator.
Choose Download and save the Splunk Enterprise Security product file to your desktop.
Download the latest Splunk Enterprise Security product.
You must be a licensed Enterprise Security customer to download the product. To back out of the upgrade, you must restore the prior version of Splunk Enterprise Security from backup.
See Back up KV Store for instructions on how to back up the KV Store on the search head. The upgrade process does not back up the existing installation before upgrading.