Upgrade path for Splunk SOAR (On-premises) privileged installations
This table is designed to show you the stages of upgrading a privileged deployment of Splunk Phantom or Splunk SOAR (On-premises) to the most recent release.
- Splunk Phantom must be upgraded incrementally from release to release.
- Splunk SOAR (On-premises) release 5.0.1 through release 5.3.4 can be upgraded directly to release 5.3.6.
- Splunk SOAR (On-premises) release 5.3.5 and 5.3.6 can be converted to unprivileged.
- After upgrading to Splunk SOAR (On-premises) release 5.3.5 or 5.3.6 and converting to an unprivileged deployment, it is possible to skip intermediate releases between 5.3.5 and 6.2.1.
- Clustered Splunk SOAR (On-premises) deployments, or deployments with an external PostgreSQL 11.x database must upgrade PostgreSQL from release 11.x to release 15.x before upgrading Splunk SOAR (On-premises) release 6.2.1 to higher releases. Non-clustered deployments, or deployments using a local PostgreSQL database can upgrade directly to Splunk SOAR (On-premises) release 6.2.2 or higher after converting to unprivileged.
- Deployments running on CentOS 7 operating systems must migrate to a supported operating system before they can upgrade beyond release 6.3.0.
- Deployments running on Amazon Linux 2 are encouraged to migrate to Amazon Linux 2023. See Migrate a Splunk SOAR (On-premises) install from Amazon Linux 2 to Amazon Linux 2023.
CAUTION: A list of important or breaking changes and the versions where those changes occur is in Splunk SOAR (On-premises) upgrade overview and prerequisites. Review that list before upgrading.
Upgrade path table
Look on the following table to find your currently installed Splunk Phantom or Splunk SOAR (On-premises) release to see your complete upgrade path.
| Starting version | Path to current version | Notes |
|---|---|---|
| 4.6.19142 |
|
|
| 4.8.24304 |
|
|
| 4.9.39220 |
|
|
| 4.10.0 - 4.10.7 |
|
|
| 4.10.7 |
|
|
| 5.0.1 |
|
|
| 5.1.0 |
|
|
| 5.2.1 |
|
|
| 5.3.0 |
|
|
| 5.3.1 |
|
|
| 5.3.2 |
|
|
| 5.3.3 |
|
|
| 5.3.4 |
|
|
| 5.3.5 |
|
|
Examples
Example 1: Upgrading a clustered deployment from Splunk Phantom release 4.6 to Splunk SOAR 6.4.0:
- Upgrade your Splunk Phantom cluster nodes to release 4.8.24304
- Upgrade your Splunk Phantom cluster nodes to release 4.9.39220
- Upgrade your Splunk Phantom cluster nodes to release 4.10.7.63984
- Upgrade you Splunk Phantom cluster nodes to Splunk SOAR (On-premises) release 5.3.6
- Convert your privileged clustered deployment to unprivileged
- Upgrade your Splunk SOAR (On-premises) cluster nodes to Splunk SOAR (On-premises) release 6.2.1
- Upgrade the external PostgreSQL database from release 11.x to release 15.x
- Upgrade Splunk SOAR (On-premises) to release 6.3.0
- If you are running Splunk SOAR (On-premises) on CentOS 7, migrate your operating system to a supported operating system.
- Upgrade Splunk SOAR (On-premises) to release 6.4.0
Example 2: Upgrading from single instance deployment of Splunk Phantom release 4.6 to Splunk SOAR 6.4.0:
- Upgrade Splunk Phantom to release 4.8.24304
- Upgrade Splunk Phantom to release 4.9.39220
- Upgrade Splunk Phantom to release 4.10.7.63984
- Upgrade Splunk Phantom to release Splunk SOAR (On-premises) release 5.3.6
- Convert your privileged clustered deployment to unprivileged
- Upgrade Splunk SOAR (On-premises) to release 6.2.1
- Upgrade Splunk SOAR (On-premises) to release 6.3.0
- If you are running Splunk SOAR (On-premises) on CentOS 7, migrate your operating system to a supported operating system.
- Upgrade Splunk SOAR (On-premises) to release 6.4.0