Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Roll back ES from 8.0 to 7.3

Nawab
Communicator
‎02-15-2025 11:46 PM

We have just upgraded to ES 8.0.2, and its is very bad or still in development stages and we want to roll back to 7.3, how can we do that keeping all our searches and notable data

Labels (1)
Labels
0 Karma
Reply

Nawab
Communicator
‎02-16-2025 01:02 AM

The newer version is not stable right now, for example the documentation says it has enhanced workflows but there is no option available to trun it on its disabled by default.
we can not open the coorelation searches because they have added versioning of searches, and you cannot open versions edited in 7.3 or piror to 8, we cant create short ids to track notables and we cant filter based on short id and many more issues.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-16-2025 12:41 AM

Hi @Nawab ,

Notable are in a dedicated index that has the same name in bothe the versions, so there's no issue in downgrading.

About Correlation Searches, it's always a best practice to save them in a dedicated app, not in the Enterprise Security App, but anyway they are in the local folders so the new installation does,'t touch them.

But the most safe approach is to ask to Splunk Support.

Only for my information: why do you want to downgrade?

Ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...