Upgrade to version 10.2 on Windows

You can upgrade Splunk Enterprise on Windows with either the GUI installer or the msiexec utility on the command line, as described in Install on Windows via the command line.

Splunk does not provide a means of downgrading to previous versions. After you upgrade Splunk Enterprise, if you need to downgrade, you must uninstall the upgraded version and then reinstall the previous version of Splunk Enterprise that you were using. Do not attempt to install over an upgraded installation with an installer from a previous version, as this can result in a corrupt instance and data loss.

Before you upgrade

Before you upgrade, see About upgrading to 10.2: READ THIS FIRST for information on changes in the new version that can impact you if you upgrade from an existing version.

Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.

No support for changing Splunk Enterprise network ports during an upgrade

Splunk Enterprise does not support changing the management or Splunk Web network ports when you upgrade. If you need to change these ports, do so either before or after you upgrade.

Back your files up

Before you upgrade, back up all of your files, including Splunk Enterprise configurations, indexed data, and binaries.

For information on backing up data, see Back up indexed data in Managing Indexers and Clusters of Indexes.
For information on backing up configurations, see Back up configuration information in the Admin Manual.

Keep copies of custom certificate authority certificates

When you upgrade on Windows, the installer overwrites any custom certificate authority (CA) certificates that you have created in %SPLUNK_HOME%\etc\auth. If you have custom CA files, back them up before you upgrade. After the upgrade, you can restore them into %SPLUNK_HOME%\etc\auth. After you have restored the certificates, restart Splunk Enterprise.

Upgrade Splunk Enterprise using the GUI installer

Visit and log into the Splunk.com Free Trials and Downloads page.
Select "Splunk Enterprise".
Select "Download now" to get the latest release, or "Previous Releases" to find a specific version.
Download the MSI file to the machine.
Double-click the MSI file. The installer runs and attempts to detect the existing version of Splunk Enterprise installed on the machine. When it locates the prior installation, it displays a pane that asks you to accept the licensing agreement.
Accept the license agreement. The installer then installs the updated Splunk Enterprise. This method of upgrade retains all parameters from the existing installation. The installer restarts Splunk Enterprise services when the upgrade is complete, and places a log of the changes made to configuration files during the upgrade in the %TEMP% directory.

Upgrade using the command line

Visit and log into the Splunk.com Free Trials and Downloads page.
Select "Splunk Enterprise."
Select "Download now" to get the latest release, or "Previous Releases" to find a specific version.
Download the MSI file to the machine.
Install the software, as described in Install on Windows via the command line.
- If Splunk Enterprise runs as a user other than the Local System user, specify the credentials for the user in your command-line instruction with the LOGON_USERNAME and LOGON_PASSWORD flags.
- You can use the LAUNCHSPLUNK flag to specify whether Splunk Enterprise is to start up automatically or not when the upgrade finishes, but it is not possible to change any other settings.
- Do not change the network ports (SPLUNKD_PORT and WEB_PORT) at this time. Wait until after you have completed the upgrade and verified that the instance comes up as you expect.
Depending on your specification, Splunk Enterprise might start automatically when you complete the installation.