Linux Forensics Tools Repository: Package Summary for Packages on April 24, 2014:

  • splunk-4.3.7-181874.i386.rpm, splunk-4.3.7-181874-linux-2.6-x86_64.rpm and splunk-6.0.3-204106.i386.rpm, splunk-6.0.3-204106-linux-2.6-x86_64.rpm - These packages provide what is needed to upgrade to the latest version of Splunk, which is 6.0.3. The version currently in the repository is old and contains an expired signing key. We apologize for not keeping Splunk up to date and for any inconvenience this upgrade may cause. Please note that these packages are in the forensics-test repository, which is normally disabled.

    To update to the latest version (6.0.3 as of this writing), follow this procedure:
    1. First, upgrade to Splunk 4.3.7 by following the procedure found here. In step 2 of the Steps for upgrading section, use this command to upgrade to Splunk 4.3.7:
      sudo yum --enablerepo=forensics-test update splunk-4.3.7
    2. Next, before you start the upgrade to 6.0.3, read this.
    3. Then, upgrade to splunk 6.0.3 using this command:
      sudo yum --enablerepo=forensics-test update splunk-6.0.3
    4. If you have previously enabled splunk to start on a reboot, you need to use these commands to reestablish that configuration:
      sudo /opt/splunk/bin/splunk disable boot-start
      sudo /opt/splunk/bin/splunk enable boot-start
    5. Then restart splunk with the following:
      sudo /opt/splunk/bin/splunk start
    Note: On Wednesday, September 10, 2014, the latest version of Splunk will become the default version in the regular cert repository. You will need to perform the upgrade noted above before then so that Splunk will continue to function properly.
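    As an added example (not part of this repository notice), the following POSIX shell planner takes the installed Splunk version and prints only the commands from the procedure above that still need to run, so a host already at 4.3.7 skips the first stage and a host at 6.0.3 gets nothing. Reading the installed version with rpm -q --qf '%{VERSION}' splunk is an assumed invocation; the version is passed as an argument so the logic can be checked offline.

```shell
#!/bin/sh
# Added example, not the repository's own tooling: plan the two-stage
# Splunk upgrade described in the April 24, 2014 notice.

# ver_ge A B: succeed (0) if dotted version A >= B, comparing numeric
# components left to right; missing components count as 0.
ver_ge() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ "$a" = "$x" ] && a="" || a="${a#*.}"
        [ "$b" = "$y" ] && b="" || b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# upgrade_plan VERSION: print the remaining commands from the notice, in
# order, one per line, or "up-to-date" if the host is already at 6.0.3.
upgrade_plan() {
    v="$1"
    if ver_ge "$v" 6.0.3; then
        echo "up-to-date"
        return 0
    fi
    # Stage 1 is only needed below 4.3.7.
    if ! ver_ge "$v" 4.3.7; then
        echo "sudo yum --enablerepo=forensics-test update splunk-4.3.7"
    fi
    echo "sudo yum --enablerepo=forensics-test update splunk-6.0.3"
    # Step 4 of the notice: re-register boot-start after the package upgrade,
    # then step 5: start Splunk.
    echo "sudo /opt/splunk/bin/splunk disable boot-start"
    echo "sudo /opt/splunk/bin/splunk enable boot-start"
    echo "sudo /opt/splunk/bin/splunk start"
}

# Usage (assumed rpm query):  sh plan.sh "$(rpm -q --qf '%{VERSION}' splunk)"
if [ $# -gt 0 ]; then
    upgrade_plan "$1"
fi
```

The script only prints the plan; it does not run yum or the splunk binary, so it can be reviewed before anything is changed on the host.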