I needed to upgrade a small Splunk server from 7.1.2 to 7.3.2 on a CentOS 7 host. Overall the process was fairly straightforward; my steps are below. When in doubt, follow the official documentation from Splunk.
Download the new version of Splunk
Grab the .tgz file for Splunk Enterprise – https://www.splunk.com/en_us/download/splunk-enterprise.html#tabs/linux
In this case the file name was:
Stop the Splunk Server
SSH into the Splunk server and run:
Snapshot the Splunk server
If your Splunk server is virtualized, it never hurts to grab a snapshot before you do the upgrade.
Assuming Splunk is installed to /opt/splunk, run the following command to upgrade Splunk:
tar xvzf splunk-7.3.2-c60db69f8e32-Linux-x86_64.tgz -C /opt
Run splunk after the upgrade
This will start Splunk after the upgrade and accept the license:
/opt/splunk/bin/splunk start --accept-license
Also set Splunk to auto start if the server is rebooted:
/opt/splunk/bin/splunk enable boot-start
Delete your snapshot
If the upgrade appears to have been successful, don’t forget to delete your snapshot.
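The extraction step above unpacks a downloaded archive over /opt, usually as root, so it is worth checking the file first. The following is an added example, not part of the original post: the function name `safe_extract` is hypothetical, and it assumes you have a SHA-256 value for the tarball from a source you trust and that every archive member sits under `splunk/`.

```shell
#!/bin/sh
# Added example: verify a Splunk tarball before extracting it over /opt.
# Assumption: EXPECTED_SHA256 comes from a trusted source; none is given here.

# safe_extract TARBALL EXPECTED_SHA256 DEST
# Returns 0 after a successful extract, 1 on checksum mismatch,
# 2 if the archive contains paths outside splunk/ or a ".." component.
safe_extract() {
    tarball=$1; expected=$2; dest=$3

    # 1. Integrity: the file on disk must hash to the expected value.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi

    # 2. Layout: list members without extracting. Anything not under
    #    splunk/ would be written elsewhere below DEST.
    if tar tzf "$tarball" | grep -Ev '^splunk(/|$)' | grep -q .; then
        echo "unexpected top-level path in $tarball" >&2
        return 2
    fi
    # Reject parent-directory components anywhere in a member name.
    if tar tzf "$tarball" | grep -Eq '(^|/)\.\.(/|$)'; then
        echo "path traversal component in $tarball" >&2
        return 2
    fi

    # 3. Only now unpack, same as the tar command in the post (minus -v).
    tar xzf "$tarball" -C "$dest"
}

# Usage (the hash is a placeholder to be replaced with the trusted value):
#   safe_extract splunk-7.3.2-c60db69f8e32-Linux-x86_64.tgz "<sha256>" /opt
```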