All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Upgrading Splunk Enterprise Version

schiwark
Explorer
‎08-20-2020 03:10 AM

Is it possible to upgrade higher Splunk Enterprise version on existing servers(Indexer & Forwarder) or we need to use new servers?

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 03:22 AM

Hi @schiwark,

you can easily upgrade version on Splunk Enterprise and Splunk Universal Forwarder without installing another server.

Follow the instructions at https://docs.splunk.com/Documentation/Splunk/8.0.5/Installation/HowtoupgradeSplunk

In few words, you have to copy the new version on the target server and run the cli command.

It could be a best practice to make a backup (only on Splunk Enterprise).

To upgrade UFs, you have to collow the same procedure, one by one or using a script or a Software Distribution solution, otherwise you can use one app for Windows (https://splunkbase.splunk.com/app/5003/) or for Linux (https://splunkbase.splunk.com/app/5004/).

Ciao.

Giuseppe

Reply

schiwark
Explorer
‎08-20-2020 03:25 AM

Thanks @gcusello 

Do I need to copy the configuration file backup before upgrading the version on both indexer and forwarder?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 03:36 AM

Hi @schiwark,

as I said it's a best practice to make a backup of the Splunk folder on the Splunk Enterprise Server and maintain it on the same machine (or in a different location) until you checked that the upgrade is fully OK, then you can delete it.

You don't need to backup Universal Forwarders.

If you followed the best practices (never modify conf files in the default folders), you can upgrade Splunk and all the local folders (containing the customizations you did) will be maintained.

The conf files in default folders will be overwritten, so, if you want (to be more sure) backup the etc folder, so you'll have a copy af all configurations.

Ciao.

Giuseppe

Reply

schiwark
Explorer
‎08-20-2020 03:38 AM

Thanks @gcusello for the information.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 04:10 AM

Hi @schiwark,

you're welcome!

Ciao and good splunkg.

Giuseppe

P.S.: remember to accept the answer for the other people of community and Karma Points are appreciated 😉

Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-20-2020 04:53 AM

Hi

here is instructions for update order if/when you have distributed environment.

https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...