Linux Splunk upgrade script

Smokex365
Engager

The goal: A single script that can be run to:

  • download splunk using the wget links (or from a directory if that would be an issue)
  • run the upgrade (the .deb file in my case)
  • answer the terms
  • and start splunk again.

I'm still very new to bash scripting so I have no clue even where to start. It would be nice to be able to just run this script and have everything done automatically. I could also see it being set as a scheduled task as long as some kind of check could be added to ensure it didn't spam the splunk servers and download anything unless it's updated.

0 Karma

yannK
Splunk Employee

not tested

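#!/bin/bash
# Stop at the first failed step so a failed download is never installed.
set -e
splunk_download="http://blah.vlah.blah.com/splunk_installer.deb"
splunk_installer="splunk_installer.deb"

# Fetch the package to a fixed name, stop Splunk, upgrade, restart, clean up.
wget -O "$splunk_installer" "$splunk_download"
/opt/splunk/bin/splunk stop
dpkg -i "$splunk_installer"
/opt/splunk/bin/splunk start --accept-license
rm -f "$splunk_installer"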

Lsv
New Member

Don't forget you'll have to restart splunk after an update due to the license agreement. So that script could probably make use of

sudo service splunk restart

...and follow the instructions to move forward, unless there's something you can append to the dpkg line and do more?

0 Karma

yannK
Splunk Employee

Not that I am aware of. You can still create a local repository for your install bits.

0 Karma

Smokex365
Engager

Any way to make this work with the wget through releases without having to update the script for each release?

0 Karma
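
A variant of the script discussed in this thread, as an added example that is not part of any post above: it takes the package URL and its expected SHA-256 as arguments so the script itself does not change between releases, refuses to install a package whose digest does not match, and skips the stop/install/start cycle when the installed version is already current, which makes it safe to schedule. Assumptions: the Debian package is named `splunk`, the cache directory is hypothetical, the digest is obtained from a trusted source separately from the download, and `--answer-yes` is added to the start flags shown in the thread.

```bash
#!/bin/bash
# Added example, not from the thread. PKG and CACHE are assumptions.
PKG="splunk"                       # assumed Debian package name
SPLUNK="/opt/splunk/bin/splunk"    # path used in the thread
CACHE="/var/cache/splunk-upgrade"  # hypothetical download directory

# Succeed only if the SHA-256 of file $1 equals the hex digest in $2.
verify_sha256() {
    vs_want="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    vs_have="$(sha256sum "$1" 2>/dev/null | awk '{print $1}')"
    [ -n "$vs_have" ] && [ "$vs_have" = "$vs_want" ]
}

# Succeed only if candidate version $1 is strictly newer than installed $2.
is_newer() {
    dpkg --compare-versions "$1" gt "$2"
}

# Usage: upgrade_splunk URL EXPECTED_SHA256
upgrade_splunk() {
    us_deb="$CACHE/$(basename "$1")"
    mkdir -p "$CACHE" || return 1
    # -N re-downloads only when the server copy is newer than the cached one.
    wget -q -N -P "$CACHE" "$1" || return 1
    if ! verify_sha256 "$us_deb" "$2"; then
        echo "checksum mismatch for $us_deb, not installing" >&2
        rm -f "$us_deb"
        return 1
    fi
    us_new="$(dpkg-deb -f "$us_deb" Version)" || return 1
    us_old="$(dpkg-query -W -f='${Version}' "$PKG" 2>/dev/null)" || us_old=""
    if ! is_newer "$us_new" "$us_old"; then
        echo "$PKG $us_old is current, nothing to do"
        return 0
    fi
    "$SPLUNK" stop || return 1
    dpkg -i "$us_deb" || return 1
    "$SPLUNK" start --accept-license --answer-yes
}

# Run only when called with both arguments; otherwise just define the functions.
if [ "$#" -eq 2 ]; then upgrade_splunk "$1" "$2"; fi
```

Pointing the URL at a local repository, as suggested in the thread, keeps scheduled runs off the vendor's download servers.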