All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Upgrading Splunk Enterprise Version

schiwark
Explorer
‎08-20-2020 03:10 AM

Is it possible to upgrade higher Splunk Enterprise version on existing servers(Indexer & Forwarder) or we need to use new servers?

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 03:22 AM

Hi @schiwark,

you can easily upgrade version on Splunk Enterprise and Splunk Universal Forwarder without installing another server.

Follow the instructions at https://docs.splunk.com/Documentation/Splunk/8.0.5/Installation/HowtoupgradeSplunk

In few words, you have to copy the new version on the target server and run the cli command.

It could be a best practice to make a backup (only on Splunk Enterprise).

To upgrade UFs, you have to collow the same procedure, one by one or using a script or a Software Distribution solution, otherwise you can use one app for Windows (https://splunkbase.splunk.com/app/5003/) or for Linux (https://splunkbase.splunk.com/app/5004/).

Ciao.

Giuseppe

Reply

schiwark
Explorer
‎08-20-2020 03:25 AM

Thanks @gcusello 

Do I need to copy the configuration file backup before upgrading the version on both indexer and forwarder?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 03:36 AM

Hi @schiwark,

as I said it's a best practice to make a backup of the Splunk folder on the Splunk Enterprise Server and maintain it on the same machine (or in a different location) until you checked that the upgrade is fully OK, then you can delete it.

You don't need to backup Universal Forwarders.

If you followed the best practices (never modify conf files in the default folders), you can upgrade Splunk and all the local folders (containing the customizations you did) will be maintained.

The conf files in default folders will be overwritten, so, if you want (to be more sure) backup the etc folder, so you'll have a copy af all configurations.

Ciao.

Giuseppe

Reply

schiwark
Explorer
‎08-20-2020 03:38 AM

Thanks @gcusello for the information.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 04:10 AM

Hi @schiwark,

you're welcome!

Ciao and good splunkg.

Giuseppe

P.S.: remember to accept the answer for the other people of community and Karma Points are appreciated 😉

Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-20-2020 04:53 AM

Hi

here is instructions for update order if/when you have distributed environment.

https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...