Upgrade to version 1.4.0

If you have installed a previous version of the content pack, you can upgrade to the latest version. Review the following high-level upgrade steps before you begin:

  1. Upgrade the Splunk App for Content Packs to v2.1.0.
  2. Delete the manually-created Entity Discovery Searches.
  3. Install Content Pack for Microsoft 365 v1.4.0.
  4. Clean up obsolete searches.

Prerequisites for upgrade

Create a full backup of your ITSI environment in case you need to revert the upgrade. For more information about creating a backup, see Create a Full Backup in the Administer Splunk IT Service Intelligence manual.

Step 1. Upgrade the Splunk App for Content Packs

  1. Check which ITSI version is compatible with Splunk App for Content Packs in the Compatibility with ITSI and ITE Work table.
  2. Download Splunk App for Content Packs v2.1.0 from Splunkbase.
  3. Follow the installation steps to upgrade the Splunk App for Content Packs.

Step 2. Delete the manually-created Entity Discovery Searches

  1. Click on Settings > Searches, reports, and alerts.
  2. Search your manual Entity Discovery Search for the Microsoft 365 Content Pack.
  3. Click Edit > Delete.
  4. Click Delete.

Step 3. Install v1.4.0 of the content pack and enable discovery search

Follow these steps to re-install the content pack and enable the discovery searches. Make sure to perform the following steps while in Step 5 of Install the content pack from the Splunk App for Content Packs.

  1. Select all the ITSI objects of the content pack Already Installed section in Choose which objects to install.
  2. Select Replace Existing parameter in Choose a conflict resolution rule for the objects you install.

Step 4. Clean up obsolete searches

To clean obsolete searches, refer to Run a search command to clean up obsolete searches. This is required to ensure that the deleted entity discovery search does not contribute to the Entity Status calculation.