Upgrade path for Splunk SOAR (On-premises) privileged installations

This table shows the stages of upgrading a privileged deployment of Splunk Phantom or Splunk SOAR (On-premises) to the most recent release.

  • Splunk Phantom must be upgraded incrementally from release to release.
  • Splunk SOAR (On-premises) release 5.0.1 through release 5.3.4 can be upgraded directly to release 5.3.6.
  • Splunk SOAR (On-premises) releases 5.3.5 and 5.3.6 can be converted to unprivileged.

After you convert to an unprivileged deployment, continue with the upgrade steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

CAUTION: Before upgrading, refer to Splunk SOAR (On-premises) upgrade overview and prerequisites for a list of important or breaking changes and the versions where those changes occur.

Upgrade path table

In the following table, find your currently installed Splunk Phantom or Splunk SOAR (On-premises) release to see your complete upgrade path.

Each row lists the starting version, the path to the current version, and notes.
4.6.19142
  Path to current version:
  1. Upgrade to 4.8.24304
  2. Upgrade to 4.9.39220
  3. Upgrade to 4.10.7
  4. Upgrade to 5.3.6
  5. Convert to unprivileged.
  6. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 4.8.24304
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  2. Upgrade to 4.9.39220
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  3. Upgrade to 4.10.7
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  4. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  5. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  6. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

4.8.24304
  Path to current version:
  1. Upgrade to 4.9.39220
  2. Upgrade to 4.10.7
  3. Upgrade to 5.3.6
  4. Convert to unprivileged.
  5. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 4.9.39220
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  2. Upgrade to 4.10.7
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  3. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  4. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  5. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

4.9.39220
  Path to current version:
  1. Upgrade to 4.10.7
  2. Upgrade to 5.3.6
  3. Convert to unprivileged.
  4. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 4.10.7
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  3. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  4. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

4.10.0 - 4.10.7
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 4.10.7
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  3. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  4. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

4.10.7
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 4.10.7
    1. Standalone upgrade: Upgrade a standalone Splunk Phantom instance
    2. Offline upgrade: Upgrade Splunk Phantom on a system with limited internet access
    3. Cluster upgrade: Upgrade a Splunk Phantom cluster
  2. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  3. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  4. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.0.1
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.1.0
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.2.1
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.3.0
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.3.1
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.3.2
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.3.3
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.3.4
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert 5.3.6 to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

5.3.5
  Path to current version:
  1. Upgrade to 5.3.6
  2. Convert to unprivileged.
  3. Continue with instructions for unprivileged upgrades.

  Notes:
  1. Upgrade to 5.3.6
    1. Single instance upgrade: Upgrade a single Splunk SOAR (On-premises) instance
    2. Cluster upgrade: Upgrade a Splunk SOAR (On-premises) cluster
  2. Convert to unprivileged: Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment.
  3. Continue with steps described in Upgrade path for Splunk SOAR (On-premises) unprivileged installations.

Examples

Example 1: Upgrading a clustered deployment from Splunk Phantom release 4.6:

  1. Upgrade your Splunk Phantom cluster nodes to release 4.8.24304
  2. Upgrade your Splunk Phantom cluster nodes to release 4.9.39220
  3. Upgrade your Splunk Phantom cluster nodes to release 4.10.7.63984
  4. Upgrade your Splunk Phantom cluster nodes to Splunk SOAR (On-premises) release 5.3.6
  5. Convert your privileged clustered deployment to unprivileged
  6. Follow instructions for unprivileged upgrade.

Example 2: Upgrading a single instance deployment from Splunk Phantom release 4.6:

  1. Upgrade Splunk Phantom to release 4.8.24304
  2. Upgrade Splunk Phantom to release 4.9.39220
  3. Upgrade Splunk Phantom to release 4.10.7.63984
  4. Upgrade Splunk Phantom to Splunk SOAR (On-premises) release 5.3.6
  5. Convert your privileged clustered deployment to unprivileged
  6. Follow instructions for unprivileged upgrade.