Cyber Chasse- Splunk Upgrade Downgrade

Steps to Splunk Upgrade/Downgrade in Linux Instance

In this blog, we can understand Steps to Splunk Upgrade/Downgrade in Linux Instance.

Splunk is one such technology tool that allows IT security teams to gain valuable insights while offering visibility and security intelligence throughout the organization. This platform helps in searching, analysing, and visualizing the raw data collected through multiple resources. It offers various versions with each having its own functionalities. This in turn gives birth to confusions in choosing the right version suitable for an organization or individual.  

The most common question that keeps lingering in one’s mind is, is it possible to upgrade or downgrade Splunk if the current version they use doesn’t meet their needs. But no worries, you can easily upgrade or downgrade Splunk whenever you want. However, it varies for different operating systems. So, if you are looking for this feature in Linux Instance, adhere to the following steps. But, don’t forget to backup your files to avoid any data loss if an accident occurs. 

Steps to Upgrade/Downgrade Splunk in Linux Instance 
1. Stop Splunk when you are going to proceed with upgrade or downgrade process 
2. If you want to backup the existing conf of Splunk version, compress and archive your files using the below-mentioned command. (Here we archive the folder ‘etc’, and archive here refers to the file name you are going to provide to the archived file)  

  • tar –czvf archive.tar.gz /opt/splunk/etc 

3. Do not forget to save backup. Put archive file or folder in the desired destination using move command, here we place it at ‘opt’. 

  • mv etc_splunk131.tar.gz/opt/ 

4. Download the Splunk version suitable for you from With ‘wgetcommand install the same in your machine. 
5. For installation, execute run wget command from root access.  
6. Execute the following command to untarnew Splunk package with the yes/no instructions that follows. 

  • tar xvzf splunk_package_name.tgz -C /opt 

7. If the Splunk folder’s ownership is root use, use the following command to alter it. 

  • chown  -R splunk:splunk /opt/splunk 

8. Now, switch to Splunk user from root access 
9. Initiate Splunk 
10. Accept the license (y) 
11. Accept the previous configuration you were using (y) 
12. Check if all your apps work fine without any version issues. 
If you still have issues in this topic feel free to drop your queries in the Comment Box below and for much such informative videos, follow us on 👍 Social Networks, Happy Splunking >😉