Is it possible to upgrade higher Splunk Enterprise version on existing servers(Indexer & Forwarder) or we need to use new servers?
Hi @schiwark,
you can easily upgrade version on Splunk Enterprise and Splunk Universal Forwarder without installing another server.
Follow the instructions at https://docs.splunk.com/Documentation/Splunk/8.0.5/Installation/HowtoupgradeSplunk
In few words, you have to copy the new version on the target server and run the cli command.
It could be a best practice to make a backup (only on Splunk Enterprise).
To upgrade UFs, you have to collow the same procedure, one by one or using a script or a Software Distribution solution, otherwise you can use one app for Windows (https://splunkbase.splunk.com/app/5003/) or for Linux (https://splunkbase.splunk.com/app/5004/).
Ciao.
Giuseppe
Thanks @gcusello
Do I need to copy the configuration file backup before upgrading the version on both indexer and forwarder?
Hi @schiwark,
as I said it's a best practice to make a backup of the Splunk folder on the Splunk Enterprise Server and maintain it on the same machine (or in a different location) until you checked that the upgrade is fully OK, then you can delete it.
You don't need to backup Universal Forwarders.
If you followed the best practices (never modify conf files in the default folders), you can upgrade Splunk and all the local folders (containing the customizations you did) will be maintained.
The conf files in default folders will be overwritten, so, if you want (to be more sure) backup the etc folder, so you'll have a copy af all configurations.
Ciao.
Giuseppe
Thanks @gcusello for the information.
Hi @schiwark,
you're welcome!
Ciao and good splunkg.
Giuseppe
P.S.: remember to accept the answer for the other people of community and Karma Points are appreciated 😉
Hi
here is instructions for update order if/when you have distributed environment.
r. Ismo