Roll back ES from 8.0 to 7.3

Nawab
Communicator

We have just upgraded to ES 8.0.2, and it is very bad or still in development stages, and we want to roll back to 7.3. How can we do that while keeping all our searches and notable data?


Nawab
Communicator

The newer version is not stable right now. For example, the documentation says it has enhanced workflows, but there is no option available to turn it on; it's disabled by default.
We cannot open the correlation searches because they have added versioning of searches, and you cannot open versions edited in 7.3 or prior to 8. We can't create short IDs to track notables, we can't filter based on short ID, and there are many more issues.


gcusello
SplunkTrust

Hi @Nawab ,

Notables are in a dedicated index that has the same name in both versions, so there's no issue in downgrading.

About Correlation Searches, it's always a best practice to save them in a dedicated app, not in the Enterprise Security App, but anyway they are in the local folders, so the new installation doesn't touch them.

But the safest approach is to ask Splunk Support.

Only for my information: why do you want to downgrade?

Ciao.

Giuseppe
