Upgrade to version 9.4 on UNIX
Before you upgrade
Before you upgrade, see About upgrading to 9.4: READ THIS FIRST for information on changes in the new version that can impact you if you upgrade from an existing version.
Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.
Back your files up
Before you perform the upgrade, back up all of your files, including Splunk Enterprise configurations, indexed data, and binaries.
For information on backing up data, see Back up indexed data in Managing Indexers and Clusters of Indexers.
For information on backing up configurations, see Back up configuration information in the Admin Manual.
How upgrading works
To upgrade a Splunk Enterprise installation, you must install the new version directly on top of the old version (into the same installation directory.) When Splunk Enterprise starts after an upgrade, it detects that the files have changed and asks whether or not you want to preview the migration changes before it performs the upgrade.
If you choose to view the changes before proceeding, the upgrade script writes the proposed changes to the $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp> file.
Splunk Enterprise does not change your configuration until after you restart it.
Upgrade Splunk Enterprise
- Go to the machine with the Splunk Enterprise instance you want to upgrade, and open a shell prompt.
-  Verify the folder where Splunk Enterprise is installed, and change to the $SPLUNK_HOME/bindirectory.
-  Stop the Splunk Enterprise services by running systemctl stop Splunkd.serviceor$SPLUNK_HOME/bin/splunk stop
- Confirm that no other processes will automatically start Splunk Enterprise, such as a configuration management or service management tool.
-  To upgrade and migrate the existing configurations, install the latest Splunk Enterprise package directly over your existing deployment.
- If you are using a .tarfile, expand it into the same directory with the same ownership as your existing Splunk Enterprise instance. This overwrites and replaces the default files, but does not remove unique files or file paths. Example:tar xzf splunk-9.4.0-123456780123-linux-amd64.tgz -C /opt
- If you use a package manager, such as RPM, type rpm -U splunk_package_name.rpm
 
- If you are using a 
-  Start the Splunk Enterprise services by running $SPLUNK_HOME/bin/splunk startSplunk Enterprise displays the following output.This appears to be an upgrade of Splunk. -------------------------------------------------------------------------------- Splunk has detected an older version of Splunk installed on this machine. To finish upgrading to the new version, Splunk's installer will automatically update and alter your current configuration files. Deprecated configuration files will be renamed with a .deprecated extension. You can choose to preview the changes that will be made to your configuration files before proceeding with the migration and upgrade: If you want to migrate and upgrade without previewing the changes that will be made to your existing configuration files, choose 'y'. If you want to see what changes will be made before you proceed with the upgrade, choose 'n'. Perform migration and upgrade without previewing configuration changes? [y/n]
- (Optional) Choose whether or not you want to run the migration preview script to see proposed changes to your existing configuration files, or proceed with the migration and upgrade now. If you choose to view the expected changes, the script provides a list but does not start any services. After you review the migration changes and are ready to proceed with migration and upgrade, start the Splunk Enterprise services again.
Upgrade and accept the license agreement simultaneously
After you place the new files in the Splunk Enterprise installation directory, you can accept the license and perform the upgrade in one command.
- To accept the license and begin the upgrade without viewing the changes, use the following command:
                $SPLUNK_HOME/bin/splunk start --accept-license --answer-yes