
Upgrade the Splunk Add-on for JMX

Upgrade from version 5.6.0 or earlier to version 6.0.0 or higher

Splunk Add-on for Java Management Extensions version 6.0.0 and higher does not include the urllib3 and requests modules, for security reasons.

However, Splunk Enterprise architectural decisions do not allow modules introduced by previous versions of the add-on to be deleted automatically during upgrade.

Splunk administrators must manually delete the following directories from all Splunk servers where the add-on was upgraded:

  • Splunk_TA_jmx/lib/urllib3

  • Splunk_TA_jmx/lib/urllib3-*.dist-info

  • Splunk_TA_jmx/lib/requests

  • Splunk_TA_jmx/lib/requests-*.dist-info

This ensures that the urllib3 and requests modules built into Splunk Python are used.

  1. Disable all currently configured inputs.
  2. In Splunk Web, navigate to the Manage Apps page.
  3. Navigate to the Splunk Add-on for Java Management Extensions and click the link to upgrade to the latest version of the add-on.
  4. SSH into the Splunk machine where the add-on is installed.
  5. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/lib directory on the heavy forwarder.
  6. Delete the following files, if they exist:

    • log4j-api-x.x.x.jar
    • log4j-core-x.x.x.jar
  7. Restart your Splunk platform instance.

  8. Enable the inputs.
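The cleanup above (the four Python directories and the log4j jars from step 6) can be audited before anything is deleted. The script below is an added example, not part of the Splunk documentation; the function names and the `--delete` switch are assumptions, and the paths are the ones listed above.

```shell
#!/bin/sh
# Added example: function names and the --delete switch are assumptions.

# Print every leftover the 6.0.0 notes say to remove, one path per line.
find_jmx_leftovers() {
    app_dir=$1
    # Python packages under <app>/lib (directories)
    for p in "$app_dir"/lib/urllib3 "$app_dir"/lib/urllib3-*.dist-info \
             "$app_dir"/lib/requests "$app_dir"/lib/requests-*.dist-info; do
        if [ -d "$p" ]; then printf '%s\n' "$p"; fi
    done
    # log4j jars under <app>/bin/lib (files); an unmatched glob stays literal
    # and fails the -f test, so nothing is printed for it
    for p in "$app_dir"/bin/lib/log4j-api-*.jar \
             "$app_dir"/bin/lib/log4j-core-*.jar; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# List leftovers (default) or remove them when the second argument is --delete.
clean_jmx_leftovers() {
    app_dir=${1%/}; mode=${2:-list}
    # Guard: only ever operate inside a directory named Splunk_TA_jmx
    case $app_dir in
        */Splunk_TA_jmx) ;;
        *) echo "refusing: $app_dir is not a Splunk_TA_jmx directory" >&2; return 2 ;;
    esac
    [ -d "$app_dir" ] || { echo "no such directory: $app_dir" >&2; return 2; }
    find_jmx_leftovers "$app_dir" | while IFS= read -r p; do
        if [ "$mode" = "--delete" ]; then
            rm -rf -- "$p" && echo "removed  $p"
        else
            echo "leftover $p"
        fi
    done
}

# Run only when called with arguments, e.g.
#   sh clean_jmx.sh "$SPLUNK_HOME/etc/apps/Splunk_TA_jmx" --delete
if [ "$#" -gt 0 ]; then clean_jmx_leftovers "$@"; fi
```

Run it once without `--delete` on each server where the add-on was upgraded and review the list before removing anything.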

Upgrade to version 5.6.0 and above from version 5.4.0 or lower

  1. Disable all currently configured inputs.
  2. In Splunk Web, navigate to the Manage Apps page.
  3. Navigate to the Splunk Add-on for Java Management Extensions and click the link to upgrade to the latest version of the add-on.
  4. SSH into the Splunk machine where the add-on is installed.
  5. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/lib directory on the heavy forwarder.
  6. Delete the following files, if they exist:

    • castor-core-1.4.1.jar
    • castor-xml-1.4.1.jar
    • commons-lang3-3.12.0.jar
    • xercesImpl-2.12.0.SP03.jar
  7. Restart your Splunk platform instance.

  8. Enable the inputs.

Upgrade to version 5.4.0 and above from version 5.2.2 or lower

  1. Disable all currently configured inputs.
  2. In Splunk Web, navigate to the Manage Apps page.
  3. Navigate to the Splunk Add-on for Java Management Extensions and click the link to upgrade to the latest version of the add-on.
  4. SSH into the Splunk machine where the add-on is installed.
  5. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/lib directory on the heavy forwarder.
  6. Delete the following files, if they exist:

    • fastjson-1.2.76.jar
    • fastjson-1.2.60.jar
    • fastjson-1.2.5.jar
    • commons-discovery-0.2.jar
    • commons-logging-1.1.1.jar
    • jakarta.activation.jar
    • log4j-api-2.11.1.jar
    • log4j-core-2.11.1.jar
    • log4j-api-2.14.1.jar
    • log4j-core-2.14.1.jar
    • log4j-api-2.15.0.jar
    • log4j-core-2.15.0.jar
    • log4j-api-2.16.0.jar
    • log4j-core-2.16.0.jar
    • xercesImpl.jar
  7. Restart your Splunk platform instance.

  8. Enable the inputs.

Upgrade to version 5.2.2 from version 5.2.1 or lower

  1. Disable all currently configured inputs.
  2. In Splunk Web, navigate to the Manage Apps page.
  3. Navigate to the Splunk Add-on for Java Management Extensions and click the link to upgrade to the latest version of the add-on.
  4. SSH into the Splunk machine where the add-on is installed.
  5. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/lib directory on the heavy forwarder.
  6. Delete the following files, if they exist:

    • fastjson-1.2.60.jar
    • fastjson-1.2.5.jar
    • commons-discovery-0.2.jar
    • commons-logging-1.1.1.jar
    • jakarta.activation.jar
    • log4j-api-2.11.1.jar
    • log4j-core-2.11.1.jar
    • log4j-api-2.14.1.jar
    • log4j-core-2.14.1.jar
    • log4j-api-2.15.0.jar
    • log4j-core-2.15.0.jar
    • xercesImpl.jar
  7. Restart your Splunk platform instance.

  8. Enable the inputs.

Upgrade to version 5.2.1 from version 5.2.0 or lower

  1. Disable all currently configured inputs.
  2. In Splunk Web, navigate to the Manage Apps page.
  3. Navigate to the Splunk Add-on for Java Management Extensions and click the link to upgrade to the latest version of the add-on.
  4. SSH into the Splunk machine where the add-on is installed.
  5. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/lib directory on the heavy forwarder.
  6. Delete the following files, if they exist:

    • fastjson-1.2.60.jar
    • fastjson-1.2.5.jar
    • commons-discovery-0.2.jar
    • commons-logging-1.1.1.jar
    • jakarta.activation.jar
    • log4j-api-2.11.1.jar
    • log4j-core-2.11.1.jar
    • log4j-api-2.14.1.jar
    • log4j-core-2.14.1.jar
    • junit-4.11.jar
    • xercesImpl.jar
  7. Restart your Splunk platform instance.

  8. Enable the inputs.

Upgrade to version 5.2.0 from version 5.1.0 or lower

  1. Disable all currently configured inputs.
  2. In Splunk Web, navigate to the Apps page.
  3. Navigate to the Splunk Add-on for Java Management Extensions and click the link to upgrade to the latest version of the add-on.
  4. Accept the terms and agreements.
  5. Log in with your Splunk.com credentials.
  6. Restart your Splunk platform deployment.
  7. SSH into the Splunk machine where the add-on is installed.
  8. Navigate to the $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/lib directory.
  9. Delete the following files, if they exist:

    • fastjson-1.2.60.jar
    • fastjson-1.2.5.jar
    • commons-discovery-0.2.jar
    • commons-logging-1.1.1.jar
    • jakarta.activation.jar
    • log4j-api-2.11.1.jar
    • log4j-core-2.11.1.jar
    • junit-4.11.jar
    • xercesImpl.jar
  10. Restart your Splunk platform instance.

  11. Enable the inputs.

Upgrade from version 3.0.2

If you are upgrading from version 3.0.2 or earlier of the Splunk Add-on for JMX, note that the assignment of the host and source fields has changed since the 3.1.0 release as noted in ADDON-5508. These changes may cause existing searches to no longer work. You will need to revise your SPL searches to use the correct host or source if any of your SPL searches depend on host or source.

Migration guide

The Splunk Add-on for JMX is intended to replace the add-on components of Monitoring of Java Virtual Machines with JMX. Splunk built the Splunk Add-on for JMX as a separate add-on, so you cannot use the update function in your existing installation of the Monitoring of Java Virtual Machines with JMX app to install and use this add-on. The Splunk Add-on for JMX is compatible with the old app’s inputs.conf and XML configuration files, so you can manually upgrade and continue to use your old configurations.

Some features of the Monitoring of Java Virtual Machines with JMX app are not available in this add-on.

  • Although the element formatter still exists for backwards compatibility, the add-on does not use it. Now the add-on indexes events in JSON format for better field extractions.
  • Although the attribute filterImplementationClass still exists in element notification, the attribute is not used in this version.

This add-on does not work with the Monitoring of Java Virtual Machines with JMX app on the same Splunk Enterprise instance, so you must follow these migration steps to upgrade.

Note

If you do not want to keep your old configurations and plan to create new data inputs, you can just remove the Monitoring of Java Virtual Machines with JMX app and install this add-on.

If you want to keep your old configurations, follow these steps:

  1. Find the folder where the Monitoring of Java Virtual Machines with JMX app is installed. By default, it is $SPLUNK_HOME/etc/apps/jmx_ta.
  2. Back up your XML configuration files in the app folder or its sub-folders.
  3. Back up your inputs.conf in the local folder.
  4. If you changed your inputs.conf in the default folder, merge your changes into your backup copy of your local/inputs.conf.
  5. Back up all the other files in the local folder if you need them.
  6. Uninstall the old app, or delete the app folder.
  7. Install the Splunk Add-on for Java Management Extensions.
  8. Put your backed up copy of your local/inputs.conf into $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/local/.
  9. Put your backed up XML configuration files into $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/config/.
  10. Check the value of configuration config_file_dir in your local/inputs.conf.
    • If you did not set any value for config_file_dir in the stanza [jmx] in the old app’s inputs.conf, the default value is now $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/config/. If you did set it, change it to $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/config/.
    • Check the value of configuration config_file_dir in all your JMX data inputs in every app using those XML files. Make sure each data input’s config_file_dir is set to $SPLUNK_HOME/etc/apps/Splunk_TA_jmx/bin/config/.
  11. The default index is now the default index of Splunk Enterprise, instead of jmx. The add-on does not include the jmx index. If you want to use it, you must add it manually. You also need to manually set index=jmx in all your JMX data inputs if you were using the old default value and want to continue to use jmx.
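Steps 10 and 11 can be checked mechanically after the migration. The function below is an added example, not part of the Splunk documentation: it scans an inputs.conf for JMX stanzas whose config_file_dir still points somewhere other than the new directory, and notes stanzas with no index set. The function name is an assumption, as is the `[jmx://name]` form of the data input stanzas; the expected directory is passed as an argument.

```shell
#!/bin/sh
# Added example: check_jmx_inputs is a hypothetical helper name.
# Usage: check_jmx_inputs <inputs.conf> <expected config_file_dir>
# Exit status 1 when any JMX stanza has a stale config_file_dir.
check_jmx_inputs() {
    conf=$1
    want=${2%/}                       # compare without a trailing slash
    awk -v want="$want" '
        # Report on the stanza just finished
        function report() {
            if (stanza !~ /^\[jmx/) return          # only JMX stanzas
            if (dir != "" && dir != want) {
                print stanza ": config_file_dir=" dir " (expected " want ")"
                bad = 1
            }
            if (idx == "")
                print stanza ": no index set, events go to the default index"
        }
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        /^[ \t]*\[/ {                               # new stanza header
            report(); stanza = $0; dir = ""; idx = ""; next
        }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "config_file_dir") { sub(/\/$/, "", val); dir = val }
            if (key == "index") idx = val
        }
        END { report(); exit bad }
    ' "$conf"
}
```

A stanza that sets no config_file_dir is not flagged, because the default is now the new directory; a stanza with no index is reported for information only and does not change the exit status.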