https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263120#M50506 <P>Here is the migration guide from 3.1 to 4 for reference:</P> <P><A href="http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Releasehistory#Migration_guide">http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Releasehistory#Migration_guide</A></P> <P>Ensure appropriate starttime is set for a smoother transition!</P> Fri, 21 Oct 2016 17:57:31 GMT mreynov_splunk 2016-10-21T17:57:31Z https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263117#M50503 <P>Hello,</P> <P>I'm actually using the TA version 3.1 with one CMA. The TA is installed on a forwarder node.<BR /> I'd like to upgrade to version4.1 but it is stated in the installation doc:<BR /> <EM>"You cannot upgrade from a previous version of the add-on. You must remove the previous version of the add-on before installing the new version."</EM><BR /> So per my understanding I cannot upgrade without stopping indexing logs during the process, correct?<BR /> Perhaps I can install the new version on another forwarder, establish the SIC with the CMA and failover to this new node?</P> Tue, 18 Oct 2016 08:08:02 GMT https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263117#M50503 sassens1 2016-10-18T08:08:02Z https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263118#M50504 <P>Hi sassens1, </P> <P>Yes, you are basically right. OPSEC LEA Add-on 4.x is installed in a different folder (Splunk_TA_checkpoint-opseclea) than version 3.x, so installing 4.x is tantamount to installing a new add-on. Also, the internal data processing logic has changed in 4.X. <BR /> So, you need to either uninstall or disable the older version of OPSEC LEA Add-on and install the new 4.X version. If you keep the older version running, there will be duplicate input data. </P> <P>Hope it helps. Thanks!<BR /> Hunter</P> Tue, 29 Sep 2020 11:27:19 GMT https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263118#M50504 hunters_splunk 2020-09-29T11:27:19Z https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263119#M50505 <P>Hi,</P> <P>thanks for your answer. So if I have both version running at the same time I'll have duplicate log indexing. OK so perhaps that's a better solution than just disabling/uninstalling v3 and enabling v4. It will last only the time to switch from v3 to v4 a couple of minutes I suppose.<BR /> I'd like to ensure a smooth migration without loosing logs. <BR /> What do you think?</P> Tue, 18 Oct 2016 10:07:26 GMT https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263119#M50505 sassens1 2016-10-18T10:07:26Z https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263120#M50506 <P>Here is the migration guide from 3.1 to 4 for reference:</P> <P><A href="http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Releasehistory#Migration_guide">http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Releasehistory#Migration_guide</A></P> <P>Ensure appropriate starttime is set for a smoother transition!</P> Fri, 21 Oct 2016 17:57:31 GMT https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263120#M50506 mreynov_splunk 2016-10-21T17:57:31Z https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263121#M50507 <P>Here is the migration guide from 3.1 to 4 for reference:</P> <P><A href="http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Releasehistory#Migration_guide">http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Releasehistory#Migration_guide</A></P> <P>Ensure appropriate starttime is set for a smoother transition!</P> Fri, 21 Oct 2016 17:58:15 GMT https://community.splunk.com/t5/Getting-Data-In/Check-Point-opsec-lea-upgrade-v3-1-to-v4-1/m-p/263121#M50507 mreynov_splunk 2016-10-21T17:58:15Z