All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Best practice for Splunk Upgrade 6.x to 7.x when add-ons haven't yet been certified?

anthonysp117
Engager
‎08-28-2018 06:11 PM

Whats the generally given best practice for bumping up to the next major version of Splunk Enterprise when not all of the apps/add-ons have been certified yet ? In my instance, the 3 "Add-Ons" not validated for 7.x being Okta, Juniper and Infoblox (all of which are "Splunk Built/Supported").

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mreynov_splunk
Splunk Employee
Splunk Employee
‎08-31-2018 03:12 PM

This is not a best practice per ce, more a list of backward-compatibility risk assessment considerations:

  • does the add-on have any custom modular inputs? (check the bin folder in the app directory)
  • does the add-on have custom UI?

If the answer is "yes" the risk of installing on newer Splunk is higher and more rigorous testing is warranted. Many addons, however, such as Juniper have only Splunk configurations (.conf files) and these features stay quite stable as we move from version to version of Splunk enterprise. **This may change in the future.

If above is too generic, it's always a good practice to install the add-on on a staging environment before attempting a production upgrade and many add-ons should just work.

As for the specific add-ons in this question:
- Juniper is very close to a certified release
- Infoblox is on the list of items to be worked on in the next 2 months
- Recommended and supported solution for OKTA ingestion is now developed by OKTA and available here: https://splunkbase.splunk.com/app/3682/

View solution in original post

Reply
Solved! Jump to solution
Solution

mreynov_splunk
Splunk Employee
Splunk Employee
‎08-31-2018 03:12 PM

This is not a best practice per ce, more a list of backward-compatibility risk assessment considerations:

  • does the add-on have any custom modular inputs? (check the bin folder in the app directory)
  • does the add-on have custom UI?

If the answer is "yes" the risk of installing on newer Splunk is higher and more rigorous testing is warranted. Many addons, however, such as Juniper have only Splunk configurations (.conf files) and these features stay quite stable as we move from version to version of Splunk enterprise. **This may change in the future.

If above is too generic, it's always a good practice to install the add-on on a staging environment before attempting a production upgrade and many add-ons should just work.

As for the specific add-ons in this question:
- Juniper is very close to a certified release
- Infoblox is on the list of items to be worked on in the next 2 months
- Recommended and supported solution for OKTA ingestion is now developed by OKTA and available here: https://splunkbase.splunk.com/app/3682/

Reply
Solved! Jump to solution

ftoomch
New Member
‎10-22-2018 07:13 AM

Do you have any more information on the Infoblox add-on status and whether this will simply just support Splunk 7 or also new versions of Infoblox?

Latest I can see here is that the add-on supports Infoblox 6.10 but we are running 8.3 and the add-on is refusing to work currently.

0 Karma
Reply
Solved! Jump to solution

jbrocks
Communicator
‎08-29-2018 12:05 AM

I do not know if there is a best practice with this. But it might depend on the size of your environment (single instance or multi instances). If you use a single instance I would choose to build the same environment on a virtual machine with some events of your original instance and check if an upgrade of the different apps would have any effect. However for bigger environments it is always recommended to have a testing environment and a productive environment. So every changes can be tested in the testing environment. Hope this helps!

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎08-30-2018 09:10 AM

I'd suggest opening a support ticket to get some tracking on the 7.x compatibility.

Reply
Get Updates on the Splunk Community!

Exciting News: The AppDynamics Community Joins Splunk!

Hello Splunkers,   I’d like to introduce myself—I’m Ryan, the former AppDynamics Community Manager, and I’m ...

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...