Deployment Architecture

Are there recommendations for upgrading a search head and indexer clustering environment from Splunk 6.2 to 6.3?

JeremeyWise
Explorer

Trying to work through building our first cluster. I really do not have any data that is that "important", but due to labor time to build it to this stage, am a bit hesitant to fire off a mass upgrade from 6.2 to 6.3. Just want a pulse from the community if anyone has done this yet?

Question:
1) Has anyone done an rpm -Uvh splunk-6.3.0-aa7d4b1ccb80-linux-2.6-x86_64.rpm" on a cluster (SH cluster, indexer cluster, deployment server, cluster master)?

2) I know there are more robust tools of automation for larger Splunk deployments (CHEF, PUPPET, etc..) but as the total cluster I have is only 12VMs, a p-shell update would just about be as easy if their are no "gotcha's!!" with the update.

Looking for recommendations.

0 Karma
1 Solution

muebel
SplunkTrust
SplunkTrust

Hi JeremeyWise,

First of all, before upgrading any of your machines you will want to take a backup of the configuration, i.e.

tar czvf ~/splunk_backup.tgz /opt/splunk/etc/

So as the the order of upgrades, this should work:

  • forwarders, heavy and otherwise
  • Indexer Cluster Master
  • Indexer Peers, Indexers
  • Search Heads
  • Misc (Deployment Server, License Server, etc.)

Let me know if that makes sense or if you have any other questions 😄

View solution in original post

0 Karma

muebel
SplunkTrust
SplunkTrust

Hi JeremeyWise,

First of all, before upgrading any of your machines you will want to take a backup of the configuration, i.e.

tar czvf ~/splunk_backup.tgz /opt/splunk/etc/

So as the the order of upgrades, this should work:

  • forwarders, heavy and otherwise
  • Indexer Cluster Master
  • Indexer Peers, Indexers
  • Search Heads
  • Misc (Deployment Server, License Server, etc.)

Let me know if that makes sense or if you have any other questions 😄

0 Karma

JeremeyWise
Explorer

Upgrade went fine. RPM upgrade went without any error or note.

Kind of caught in that you had to re-run the ULA accept for it to complete the upgrade... by restarting splunk. This is apparently when it runs the actual upgrade to the data.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...