Getting Data In

How to upgrade Apps (Palo Alto) on a Heavy Forwarder Cluster setup?

splk
Communicator

Hello community,

I just take over a cluster (which is not in full productive mode yet) and i want to update all settings / apps before go live.
The Palo Alto App for example is on 4.x, available already is 5.x.

The cluster consists of Heavy Forwarders, Indexer Cluster and Search Heads (incl. Cluster Master and Management Server).
I can not find any documentation which tells me how to upgrade apps on such an setup.

So how to start, and in which order?
1. Create a new deplyoment app (deplyoment server) for the HF
2. Create a new shccluster app for the Search Heads
3. Create a new master app for the indexer cluster?

But what about the already installed Palo Alto App 4.x and the configuration files (local/transforms.conf...).
Do I need to uninstall the App first? Migrate the conf files by hand? Or is Splunk aware of the ugprade?

Thanks for your help.

0 Karma

splk
Communicator

Resolved:

Simple extract the new App into the existing app directory and overwrite all files (some backup would be helpful), local/ should be untouched. Follow the upgrade instructions from the app itself.

0 Karma

splk
Communicator

Looks like the documentation: http://docs.splunk.com/Documentation/Splunk/6.4.1/DistSearch/PropagateSHCconfigurationchanges points in some direction: To update an app on the cluster members, put the updated version in the configuration bundle.

But what does this mean technically? Untar the App and overwrite the existing one? What to do with the system/local/* files?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...