Thursday, October 27, 2022

[Research] Upgrading Splunk Enterprise 8.2.6 to 9.0.1 (CentOS 6.10)

2022-10-27

Because I was concerned whether Splunk Enterprise 9.0.1 would run on CentOS 6.10 (the operating system is quite old), I tested it.

Official website
https://www.splunk.com/zh_tw

Startup instructions: Launch Splunk Web - Splunk Documentation
https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/StartSplunk

About upgrading to 9.0 READ THIS FIRST - Splunk Documentation
https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/AboutupgradingREADTHISFIRST

Splunk products version compatibility matrix - Splunk Documentation
https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/CompatMatrix

Direct download link
https://download.splunk.com/products/splunk/releases/9.0.1/linux/splunk-9.0.1-82c987350fde-linux-2.6-x86_64.rpm

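Upgrading Splunk Enterprise 8.2.6 to Splunk Enterprise 9.0.1 (CentOS 6.10)

If Splunk has not been stopped beforehand, the upgrade stops it automatically; if it has already been stopped, the installer reports an error (which can be ignored).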

[root@localhost ~]# wget https://download.splunk.com/products/splunk/releases/9.0.1/linux/splunk-9.0.1-82c987350fde-linux-2.6-x86_64.rpm
[root@localhost ~]# rpm -Uvh splunk-9.0.1-82c987350fde-linux-2.6-x86_64.rpm
警告:splunk-9.0.1-82c987350fde-linux-2.6-x86_64.rpm: 表頭 V4 RSA/SHA512 Signature, key ID b3cd4420: NOKEY
正在準備…                ########################################### [100%]
This looks like an upgrade of an existing Splunk Server.
Attempting to stop the installed Splunk Server...
splunkd is not running.                                    [失敗]
   1:splunk                 ########################################### [100%]
complete
[root@localhost ~]#
[root@localhost ~]# /opt/splunk/bin/splunk start

Splunk> Now with more code!

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration... Done.
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _configtracker _internal _introspection _metrics _metrics_rollup _telemetry _thefishbucket cim_modactions history main summary
        Done
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
                Invalid key in stanza [email] in /opt/splunk/etc/apps/search/local/alert_actions.conf, line 2: show_password (value: True).
                Invalid key in stanza [oracle:audit:unified] in /opt/splunk/etc/apps/Splunk_TA_oracle/default/db_input_templates.conf, line 231: input_timestamp_column_index (value: 1).
                Invalid key in stanza [email] in /opt/splunk/etc/system/local/alert_actions.conf, line 4: reportServerEnabled (value: 1).
                Invalid key in stanza [email] in /opt/splunk/etc/system/local/alert_actions.conf, line 5: reportServerURL (value: ).
                Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-9.0.1-82c987350fde-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
Done
                                                           [ 確定 ]

Waiting for web server at http://127.0.0.1:8000 to be available............................................. Done

If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://127.0.0.1:8000

[root@localhost ~]# /opt/splunk/bin/splunk status
splunkd is running (PID: 7944).
splunk helpers are running (PIDs: 7948 8480 8494 8539 8540 8542 8561 8563 8642 8643 8678 8679 8707 8709 8796 8861).
[root@localhost ~]#

After logging in to the management interface, the page title shows that the version is now 9.0.1.

At first glance everything seems normal.
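
The transcript above still carries warnings worth triaging after the upgrade: the RPM signature could not be verified (NOKEY), several .conf files contain keys that 9.0.1 does not recognise, and PYTHONHTTPSVERIFY is 0. The following script is an added example, not part of the original post; the function names and finding codes are made up for illustration, and the sample lines are copied from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): flag the security-relevant
# warnings in a Splunk upgrade/startup transcript like the one above.

# sample_transcript: excerpt of the output shown in the post.
sample_transcript() {
cat <<'EOF'
警告:splunk-9.0.1-82c987350fde-linux-2.6-x86_64.rpm: 表頭 V4 RSA/SHA512 Signature, key ID b3cd4420: NOKEY
Checking conf files for problems...
Invalid key in stanza [email] in /opt/splunk/etc/apps/search/local/alert_actions.conf, line 2: show_password (value: True).
Invalid key in stanza [oracle:audit:unified] in /opt/splunk/etc/apps/Splunk_TA_oracle/default/db_input_templates.conf, line 231: input_timestamp_column_index (value: 1).
Invalid key in stanza [email] in /opt/splunk/etc/system/local/alert_actions.conf, line 4: reportServerEnabled (value: 1).
Invalid key in stanza [email] in /opt/splunk/etc/system/local/alert_actions.conf, line 5: reportServerURL (value: ).
PYTHONHTTPSVERIFY is set to 0 in splunk-launch.conf disabling certificate validation for the httplib and urllib libraries shipped with the embedded Python interpreter; must be set to "1" for increased security
All preliminary checks passed.
EOF
}

# audit_transcript: read a transcript on stdin, print CODE<TAB>detail lines.
audit_transcript() {
    awk '
    / key ID [0-9a-f]+: NOKEY/ {        # rpm had no public key to verify with
        k = $0; sub(/.* key ID /, "", k); sub(/:.*/, "", k)
        print "RPM_SIG_UNVERIFIED\tkey=" k
    }
    /Invalid key in stanza / {          # setting unknown to this Splunk version
        f = $0; sub(/.* in \//, "/", f); sub(/, line .*/, "", f)
        key = $0; sub(/.*, line [0-9]+: /, "", key); sub(/ \(value: .*/, "", key)
        # local/ holds site edits; default/ ships with the app or product
        layer = (f ~ /\/local\//) ? "LOCAL" : "DEFAULT"
        print "CONF_INVALID_KEY_" layer "\t" f ":" key
    }
    /PYTHONHTTPSVERIFY is set to 0/ {   # embedded Python skips TLS validation
        print "TLS_VERIFY_DISABLED\tsplunk-launch.conf"
    }'
}

# count_findings CODE: number of findings with that code in the sample.
count_findings() {
    sample_transcript | audit_transcript |
        awk -F'\t' -v code="$1" '$1 == code { n++ } END { print n + 0 }'
}

sample_transcript | audit_transcript
```

For the NOKEY finding, importing the vendor's public key with `rpm --import` and checking the package with `rpm -K` before running `rpm -Uvh` lets rpm actually verify the signature. The LOCAL findings are site edits the administrator has to clean up, while the DEFAULT one comes from files shipped with the Splunk_TA_oracle app.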

(End)

Related

[Research] Migrating old data from Splunk Enterprise 8.2.6 to a new machine running Splunk Enterprise 9.0.1
https://shaurong.blogspot.com/2022/10/splunk-enterprise-826-splunk-enterprise.html

[Research] Values of the $SPLUNK_HOME and $SPLUNK_DB environment variables in Splunk Enterprise 8.2.6 and 9.0.1
https://shaurong.blogspot.com/2022/10/splunk-enterprise-826-901-splunkhome.html

[Research] Upgrading Splunk Enterprise 8.2.6 to 9.0.1 (CentOS 6.10)
https://shaurong.blogspot.com/2022/10/splunk-enterprise-826-901-centos-610.html

[Research] Importing an existing license into Splunk Enterprise 9.0.1
https://shaurong.blogspot.com/2022/10/splunk-enterprise-901-license.html

[Research] Running process status of Splunk Enterprise 8.2.6 and 9.0.1
https://shaurong.blogspot.com/2022/10/splunk-enterprise-826-process.html

[Research] Splunk license file directory
https://shaurong.blogspot.com/2022/10/splunk.html

[Research] Installing Splunk Server 9.0.1 on Rocky Linux 9.0
https://shaurong.blogspot.com/2022/10/splunk-server-901-rocky-linux-90.html

[Research] Installing Splunk Server 9.0.1 on Rocky Linux 8.6
http://shaurong.blogspot.com/2022/10/splunk-server-901-rocky-linux-86.html

Splunk Product Comparison
https://www.splunk.com/en_us/software/features-comparison-chart.html

Splunk Free Trial and Downloads
https://www.splunk.com/en_us/download/splunk-light.html

Install on Linux - Splunk Documentation
https://docs.splunk.com/Documentation/Splunk/7.1.0/Installation/InstallonLinux

Launch Splunk Web - Splunk Documentation
https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchTutorial/StartSplunk

[Research] Using the iptables firewall on Splunk Server to address the weak certificate signature (SHA1) finding reported by nmap
https://shaurong.blogspot.com/2021/06/spunk-serveriptablesnmap-weak.html

[Research] Nessus reports finding 35291 - SSL Certificate Signed Using Weak Hashing Algorithm on Splunk port 8089
https://shaurong.blogspot.com/2021/06/nessus-splunk-port-8089-35291-ssl.html

[Research] Installing Splunk Enterprise Trial 8.1.3 (Splunk Free 8.1.3) on CentOS 8 Stream
https://shaurong.blogspot.com/2021/04/splunk-enterprise-trial-813-splunk-free_29.html

[Research] Installing Splunk Enterprise Trial 8.1.3 (Splunk Free 8.1.3) on Windows Server 2019
https://shaurong.blogspot.com/2021/04/splunk-enterprise-trial-813-splunk-free.html

[Research] Installing Splunk Universal Forwarder 8.1.3 for Windows
https://shaurong.blogspot.com/2021/04/splunk-universal-forwarder-813-for.html

[Research] Installing, configuring and testing the .deb version of Splunk Free 8.1.3 on Ubuntu 20
https://shaurong.blogspot.com/2021/04/splunk-free-813-deb-on-ubuntu-20.html

[Research] Fixing logs no longer arriving after updating to Splunk 8.1.1
https://shaurong.blogspot.com/2020/12/splunk-811-log.html