diff --git a/docs/upgrade.md b/docs/upgrade.md
index a0a3dde..ea15acb 100644
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -1,19 +1,22 @@
 # Upgrading Splunk Connect for Syslog
 
 Splunk Connect for Syslog is updated regularly using a CI/CD development process. The notes below outline significant changes that
-must be taken into account prior and after an upgrade. Ensure to follow specific instructions below to ensure a smooth transition to
-a new version of SC4S in production.
+must be taken into account prior and after an upgrade. Ensure to follow specific instructions below to ensure a smooth
+transition to a new version of SC4S in production.
 
-## Version 1.9.0
+## Upgrade process
+Check the current version of SC4S by running ```sudo logs SC4S```. For the latest version, use the
+`latest` tag for the SC4S image in the sc4s.service unit file:
+```
+[Service]
+Environment="SC4S_IMAGE=splunk/scs:latest"
+```
+Restart the service
+```sudo systemctl restart sc4s```
 
-* Example context files have been added to the local mount `context` directory. These example files will be updated at each release
-to outline support for new data sources, which can be added to existing context files (those without the `.example` extension).
-Existing context files will _not_ be overwritten on subsequent SC4S starts/upgrades, so ensure that any new content from these example
-files is incorporated into existing context files.
-
-* UNIT FILE CHANGES: Make sure to update the unit file used to start the sc4s service with the changes included in this release. It
-includes updates for proper operation with RHEL 8, and is backward-compatible with RHEL 7.7.
-
-## Version 1.10.0
-
-* The "Development" section outlines new instructions for operation with the vscode IDE.
\ No newline at end of file
+Using the latest version is recommended, but a specific version can be specified in the unit file if desired:
+```
+[Service]
+Environment="SC4S_IMAGE=splunk/scs:v1.20.0"
+```
+See the [release information](https://github.com/splunk/splunk-connect-for-syslog/releases) for more detail.
diff --git a/package/sbin/entrypoint.sh b/package/sbin/entrypoint.sh
index 0aeee79..972d41d 100755
--- a/package/sbin/entrypoint.sh
+++ b/package/sbin/entrypoint.sh
@@ -66,7 +66,7 @@ then
 then
 echo "SC4S_ENV_CHECK_HEC: Splunk HEC endpoint is unreachable; startup will continue to prevent data loss if this is a transient failure"
 else
- echo "SC4S_ENV_CHECK_INDEX: Splunk HEC connection successful; checking indexes..."
+ echo "SC4S_ENV_CHECK_INDEX: Splunk HEC connection successfull; checking indexes"
 cat /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv | grep -v sc4s_metrics | grep ',index,' | cut -d, -f 3 | sort -u | while read index ; do export index; echo -e "\nSC4S_ENV_CHECK_INDEX: Checking $index" $(curl -s -S -k "${HEC}?index=${index}" -H "Authorization: Splunk ${SPLUNK_HEC_TOKEN}" -d '{"event": "HEC TEST EVENT", "sourcetype": "SC4S:PROBE"}') ; done
 fi
 fi
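Review bot: The rewritten message on the `+` line misspells "successful" as `successfull` and drops the trailing ellipsis, so any log search or alert keyed on the earlier `SC4S_ENV_CHECK_INDEX` wording would presumably stop matching; I would keep `echo "SC4S_ENV_CHECK_INDEX: Splunk HEC connection successful; checking indexes..."`. On the unchanged line that follows, the index probe sends `SPLUNK_HEC_TOKEN` with `curl -s -S -k`, so the token is presented to an endpoint whose certificate is never verified, and it travels in curl's argument list where other local processes may be able to read it. If skipping verification is intentional for lab setups, it should be opt-in and carry a comment such as `# -k disables TLS verification: the HEC token is sent to an unverified peer`. The loop also uses `while read index` without `-r` and feeds `$index` into the URL unencoded, which is worth tightening since the CSV is operator-editable. The enclosing if/else starts above the hunk, so the first probe is not visible here.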