Upgrade Splunk 9.4 to 10.0
Splunk 10.0 is a major release with compatibility changes. This guide walks you through a safe upgrade from 9.4 to 10.0 with simple checks, clear backups, and commands you can copy and paste. If this is your first upgrade, follow the steps in order and do not skip the pre-upgrade checks.
TL;DR
- Check app compatibility and Python 3.9 readiness
- Back up KV store and configs, then upgrade the binaries
- Follow cluster order if you have SHC or indexer clusters
- Verify searches, inputs, and auth after the restart
Downloads and references
Use the official Splunk download pages and upgrade docs for 10.0. Keep these open during the change window so you can cross check details.
Splunk Enterprise download
Grab the latest 10.0.x build.
Previous releases
Select a specific 10.0.x patch build.
READ THIS FIRST (10.0)
Key breaking changes and pre upgrade requirements.
Upgrade paths (10.0)
Confirms 9.4.x → 10.0.x is a supported direct path.
System requirements (10.0)
Supported OS and hardware for Splunk Enterprise.
Deprecated/removed in 10.0
Review removed features and Python runtime change.
Compatibility matrix
Check ES and ITSI compatibility with 10.0.x.
Pre upgrade checks for 9.4 to 10.0
- Confirm the upgrade path. 9.4.x can upgrade directly to 10.0.x.
- Validate all apps and add-ons. Use Splunkbase and the compatibility matrix for ES and ITSI.
- Plan for Python 3.9 only. Python 3.7 is removed in 10.0 so upgrade apps that depend on it.
- Back up all KV store databases before you begin.
- macOS requires a fresh install and has CPU requirements. Do not attempt an in-place upgrade.
- Old jQuery libraries and Internal Library Settings are removed in 10.0.
If you run indexer or search head clusters, follow the cluster specific upgrade procedures and enable maintenance mode where required.
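For the Python 3.9 check in the list above, here is an added example (not from the original guide or from Splunk) that scans each app's default and local .conf files for `python.version` settings pinned to an older runtime. The directory layout, the function names, and the flagged values `python2` and `python3.7` are assumptions; override `FLAGGED_VALUES` to match the READ THIS FIRST notes for your build.

```shell
#!/usr/bin/env bash
# Added example: find python.version pins to review before a 10.0 upgrade.
# Assumption: apps sit under <apps_dir>/<app>/{default,local}/*.conf
# Assumption: "python2" and "python3.7" are the values worth flagging.
FLAGGED_VALUES="${FLAGGED_VALUES:-python2 python3.7}"

# scan_python_pins APPS_DIR
# Prints one tab-separated finding per line: app, conf path, stanza, value.
scan_python_pins() {
  local apps_dir="${1%/}" conf
  find "$apps_dir" -mindepth 3 -maxdepth 3 -type f -name '*.conf' \
       \( -path '*/default/*' -o -path '*/local/*' \) 2>/dev/null | sort |
  while IFS= read -r conf; do
    awk -v flagged="$FLAGGED_VALUES" -v root="$apps_dir" -v file="$conf" '
      BEGIN {
        n = split(flagged, f, " ")
        for (i = 1; i <= n; i++) bad[f[i]] = 1
        rel = substr(file, length(root) + 2)   # path below the apps directory
        app = rel; sub(/\/.*/, "", app)        # first path component = app name
        stanza = "(global)"
      }
      { sub(/\r$/, "") }                        # tolerate CRLF conf files
      /^[ \t]*#/ { next }                       # commented-out settings do not count
      /^[ \t]*\[.*\][ \t]*$/ {                  # remember the current stanza
        stanza = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", stanza); next
      }
      /^[ \t]*python\.version[ \t]*=/ {
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (val in bad) printf "%s\t%s\t%s\t%s\n", app, rel, stanza, val
      }
    ' "$conf"
  done
}

# count_python_pins APPS_DIR -> number of findings (0 means nothing flagged)
count_python_pins() { scan_python_pins "$1" | wc -l | tr -d ' '; }

# Usage: scan_python_pins "$SPLUNK_HOME/etc/apps"
```

A finding under `local/` is an override made on this instance, so it survives an app update from Splunkbase and has to be changed by hand.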
Linux upgrade for RPM, DEB, or TGZ
Upgrade in place in the same install directory. Splunk offers a migration preview before applying changes.
Stop Splunk
$SPLUNK_HOME/bin/splunk stop
# or
systemctl stop Splunkd.service
Install 10.0.x over 9.4
# RPM
rpm -U splunk-10.0.x-linux-x86_64.rpm
# DEB
dpkg -i splunk-10.0.x-linux-amd64.deb
# TGZ (same directory)
tar xzf splunk-10.0.x-linux-amd64.tgz -C /opt
Start + accept license
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
If you choose the migration preview, Splunk writes the proposed changes to $SPLUNK_HOME/var/log/splunk/migration.log.<timestamp>.
Windows upgrade using GUI or MSI
- Do not change management or web ports during the upgrade.
- Back up custom CA certificates in %SPLUNK_HOME%\etc\auth because the installer overwrites them.
- Splunk does not support downgrades. If you roll back, uninstall and reinstall.
GUI upgrade (MSI)
Download the MSI, run it, accept the license, and let it upgrade in place.
Command line (msiexec)
msiexec /i splunk-10.0.x-x64-release.msi
# Optional service user:
# LOGON_USERNAME=DOMAIN\user LOGON_PASSWORD=Secret
Clusters and tiers
For indexer clusters, Splunk recommends a rolling upgrade and prescribes tier order when upgrading separately. Use maintenance mode on the manager during peer upgrades.
Post upgrade verification
- Confirm Splunk version in the UI or with splunk version.
- Check the migration log for renamed or deprecated settings.
- Validate apps and premium app compatibility for ES and ITSI.
- Run core searches and confirm scheduled searches run as expected.
- For clusters, ensure RF and SF are met and searches are healthy.