All Apps and Add-ons

Upgrading Apps and Add-ons in distributed environment

mike_k
Explorer

I have a distributed environment with the following components:

- 1 Search head

- 1 license master

- 1 Deployment Server

- 1 Cluster Master

- 2 Peer indexers

 

I had a couple of questions relating to upgrading apps/add-ons:

  1. Is there a recommended order in which to upgrade the distributed environment servers (I know when upgrading splunk enterprise in a distributed environment you start with Search Head, then Cluster Master and then Indexer peers .... Is it the same for when upgrading apps/add-ons?)
  2. I have read that i can either update the apps/add-ons using the web GUI or via copying the upgraded folder for the app/add-on into the $SPLUNK_HOME/etc/apps folder and restarting Splunk. When it comes to an Indexer cluster, I understand that the recommendation is to push out the update from the Cluster Master.
    However the apps/add-ons that i have installed on my Indexer peers were just installed directly on the peers rather than using the cluster master. My question is .... when upgrading these apps ... should I upgrade them directly on the indexer peers (like they were originally installed) or should i use the Cluster Master to push out the upgrade (and will this work if they weren't originally installed from the Cluster Master server)?

 

Thanks,

 

 

Labels (1)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

here is excellent answer to update order of splunk servers in distributed environment https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

For apps and TAs you must read those installation and update instructions and follow those. In my personal preference is start from innermost and go towards outermost. Usually this means first IDX via CM if needed, then HF then UF and SH layer is the last one.

r. Ismo

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

here is excellent answer to update order of splunk servers in distributed environment https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

For apps and TAs you must read those installation and update instructions and follow those. In my personal preference is start from innermost and go towards outermost. Usually this means first IDX via CM if needed, then HF then UF and SH layer is the last one.

r. Ismo

View solution in original post

0 Karma

mike_k
Explorer

Thanks for that info.

0 Karma

mike_k
Explorer

Further to my last ... doing some more investigation. The previous Apps/Add-ons actually were pushed out to my Indexers from my Cluster Master (i can see them under /etc/master-apps on my Cluster Master). So really my only question is whether there is a preferred order in which to upgrade apps across a distributed environment (e.g Search Head, then Indexer peers)

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @mike_k,

it isn't a best practice to directly install apps on the peers and I hint to take the opportunity from this upgrade to bring back your installation to the correct approach.

Then, there isn't any particular order in updating apps unless there are structural changes (e.g. changes in indexes or sourcetypes) that require you to update the indexers first.

Anyway I'd upgrade Indexers before the other systems.

Ciao.

Giuseppe

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!