Upgrading the Forwarder

When you upgrade a forwarder, the installer updates the software without changing its configuration. Although, it is good practice to backup the configuration file.

Upgrading

1. Access the Splunk Forwarder Download page.
2. Sign in or create a Splunk account. Note: your Splunk account is not connected to your Ohio State account.
3. Download the forwarder for the operating system the forwarding host will use. The Splunk forwarder is available for Windows, Linux, MacOS, FreeBSD, Solaris, and AIX.
4. Stop the forwarder: $SPLUNK_HOME/bin/splunk stop

Using the GUI

1. Double-click the installer and follow the instructions.
2. Accept the license agreement and click "Install."
3. After the installation starts, specify the existing deployment directory.

Using the Command Line

Windows:

1. Navigate to the existing deployment directory.
2. Install the forwarder:
   • msiexec.exe /i splunkforwarder_package_name.msi
3. Start Splunk and accept the license:
   • $SPLUNK_HOME/bin/splunk start --accept-license

*nix:

1. Navigate to the existing deployment directory.
2. Using one of the below commands, install the forwarder.
   • TGZ: tar xvzf splunkforwarder_package_name.tgz
   • RPM: rpm -i splunkforwarder_package_name.rpm
   • DEB: dpkg -i splunkforwarder_package_name.deb
3. Start Splunk and accept the license:
   • $SPLUNK_HOME/bin/splunk start --accept-license

Potential Errors

• "Management port has been set disabled; cli support for this configuration is currently incomplete." This was intentionally disabled. Splunk cli listens on all IP addresses when using this functionality and the risk of using it is greater than the benefit.

Helpful Resources

• Upgrading the Forwarder