Updating to the Latest Release

Generally this is a very fast process, however it depends a little on your environment. Also a disclaimer- if you are the administrator you are hereby encouraged to have some kind of backup solution in place. 

If your Splunk deployment uses SHC 

If you are running Splunk Enterprise and using SHC (Search Head Clustering) then your admins will just need to update ​“Canary” and ​“Cisco CDR Reporting and Analytics” on the Deployer node. As always, you (and your admins) can contact us at any time.

If you are using Splunk Cloud or your Splunk server has internet access

• Log in to Splunk as an administrator, and in the apps list click the gear icon ( or on some pages Manage Apps).
• Search for ​“sideview” in your apps. This should bring up a list of several apps including:
  • Canary
  • Cisco CDR Reporting and Analytics
• For each that has an update waiting, click the ​“Update to X.X.X” link and follow the instructions. We advise updating Canary first.
  
• NOTE: if you’re updating from a very old version and do not have the Canary app installed yet, take a brief detour back to our install docs to fix that. Also if an app called ​“Sideview Utils” turns up, then after you are on latest Canary version you can safely delete Sideview Utils from the system.

If you are using Splunk Enterprise but your Splunk deployment does not have internet access

• Visit these pages, login using Splunk​.com credentials, and click Download to download the following apps to your local system as tar.gz files.
  NOTE: It can be any splunk​.com account and it does not need to be the actual account tied to your Splunk Enterprise or Splunk Cloud license.
  
  • Canary https://​splunkbase​.splunk​.com/​a​p​p​/4697
  • Cisco CDR Reporting and Analytics app https://​splunkbase​.splunk​.com/​a​p​p/669
• Log in to Splunk as an administrator, and from the apps list click the gear icon (or on some pages Manage Apps).
• For both of the downloaded apps, click the second button in the upper right, Install app from file.
• Follow the little wizard each time, selecting each file in turn.
  • You WILL want to check the ​“upgrade app” option each time.
  • You do not need to restart Splunk in between the two apps – just be sure to do it after the second app is installed.
  • If for any reason it doesn’t ask to restart after the last one, please click Settings then Server Controls, and restart Splunk from there.

Updating the app’s license (if needed)

1. Whether it’s a trial license or a production license, find your new license key, which should be in an email from us and clearly marked.
2. Log into the Splunk UI as an admin user.
3. Open the Cisco CDR Reporting and Analytics app.
4. Click Admin, then Update license.
   
5. Paste in your new license key, then click the Update License button.
   
6. After updating, you’ll see license information including company and expiration date.

Updating forwarders (very rare)

New versions of the TA for Cisco CDR Reporting and Analytics only come out very rarely, but they do come out. When that happens you’ll need to update your forwarder.

• Download the TA directly from Splunkbase.
• Save the file onto your local system.
• Use Gunzip and tar, or an application like Winzip, to uncompress the .tgz file. 
  • With 7‑zip on Windows … 
    • Right-click on the file, select 7‑zip -> ​“Open Archive”
    • Drill down until you see a folder called ​“TA_​cisco_​cdr”
    • Drag/​Extract that folder to a temporary location on your system.
  • With gunzip or tar, we’re not giving any hints unless you ask specifically. We figure you wouldn’t be using those utilities unless you knew how to use them. 🙂
• Copy the TA_​cisco_​cdr directory into $SPLUNK_​HOME/​etc/​apps/​on your forwarder host.
• Restart the Splunk instance on your forwarder host.
  

WARNING – Do not overwrite your specific inputs.conf file! Your specific inputs and configurations *should* be stored in a directory ​“TA_​cisco_​cdr/​local/​”, and if it is, we won’t overwrite those. But better to check than to have to restore configurations later! 

More advanced scenarios

If you are using any of the following:

• The Splunk Deployment Server
• Multiple Forwarders
• Heavy Forwarders
• Or any other more interesting combination

Then see our docs on Advanced Forwarder Updating