Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Are there recommendations for upgrading a search head and indexer clustering environment from Splunk 6.2 to 6.3?

JeremeyWise
Explorer
‎10-07-2015 08:46 AM

Trying to work through building our first cluster. I really do not have any data that is that "important", but due to labor time to build it to this stage, am a bit hesitant to fire off a mass upgrade from 6.2 to 6.3. Just want a pulse from the community if anyone has done this yet?

Question:
1) Has anyone done an rpm -Uvh splunk-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm" on a cluster (SH cluster, indexer cluster, deployment server, cluster master)?

2) I know there are more robust tools of automation for larger Splunk deployments (CHEF, PUPPET, etc..) but as the total cluster I have is only 12VMs, a p-shell update would just about be as easy if their are no "gotcha's!!" with the update.

Looking for recommendations.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

muebel
SplunkTrust
SplunkTrust
‎10-07-2015 07:05 PM

Hi JeremeyWise,

First of all, before upgrading any of your machines you will want to take a backup of the configuration, i.e.

tar czvf ~/splunk_backup.tgz /opt/splunk/etc/

So as the the order of upgrades, this should work:

  • forwarders, heavy and otherwise
  • Indexer Cluster Master
  • Indexer Peers, Indexers
  • Search Heads
  • Misc (Deployment Server, License Server, etc.)

Let me know if that makes sense or if you have any other questions 😄

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

muebel
SplunkTrust
SplunkTrust
‎10-07-2015 07:05 PM

Hi JeremeyWise,

First of all, before upgrading any of your machines you will want to take a backup of the configuration, i.e.

tar czvf ~/splunk_backup.tgz /opt/splunk/etc/

So as the the order of upgrades, this should work:

  • forwarders, heavy and otherwise
  • Indexer Cluster Master
  • Indexer Peers, Indexers
  • Search Heads
  • Misc (Deployment Server, License Server, etc.)

Let me know if that makes sense or if you have any other questions 😄

0 Karma
Reply
Solved! Jump to solution

JeremeyWise
Explorer
‎10-08-2015 07:12 AM

Upgrade went fine. RPM upgrade went without any error or note.

Kind of caught in that you had to re-run the ULA accept for it to complete the upgrade... by restarting splunk. This is apparently when it runs the actual upgrade to the data.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...