Deployment Architecture

Step by Step to upgrade Splunk?

mc_i02035
Observer

Hi, we have Dev and Prod linux servers which contains Splunk agents.

The infraestructure on Prod  (V 8.2.2.1) contains:

- Heavy Forwarder

- 3 Indexes 

- Search Head

- DS, LM, MC, SHCD Agent

 

Dev infraestructure (V 8.0.1) contains:

- Search Head

- Index

- Deploy

 

I wanna know how to update correctly.

I mean, which servers we must to update first and how can i make a backup of our apps so we don´t lose something in the process.

 

Thank you very much.

Labels (3)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @mc_i02035,

you can follow the order described by @PickleRick or other similar answers that you can find in Community (someone of them by myself as e.g. https://community.splunk.com/t5/Installation/What-is-the-best-approach-for-upgrading-Splunk-Enterpri... !).

Anyway, it's always a best practice to have a copy of the entire Splunk folder so you can restore your initial configuration is something will going wrong, but I usually didn't find any pèroblems in upgrade.

Anyway, as you can read in the above links you can directly migrate from your version to 9.0.x version without passing through an intermediate version.

then I'd migrate before the dev infrastructure and then the prod infrastructure.

only two questions:

  • when you say MC are you meaning Monitoring Console, I suppose, 
  • is it correct?
  • have you Indexer Custer or Search Head Cluster?

Anyway, the path for the dev infrastructure should be:

  • SH,
  • Indexer,
  • DS

The path for the Prod infrastructure depends on the presence of Clusters:

  • without clusters
    • SH
    • IDX,
    • DS, LM, MC, 
    • HF
    • UF
  • with clusters
    • Master Node (Cluster Master)
    • Deployer,
    • SH
    • IDX,
    • DS, LM, MC, 
    • HF
    • UF

You can find interesting documentation at 

https://lantern.splunk.com/Splunk_Platform/Product_Tips/Enterprise/Upgrading_Splunk_Enterprise

https://docs.splunk.com/Documentation/Splunk/9.0.4/Installation/HowtoupgradeSplunk

https://docs.splunk.com/Documentation/Splunk/9.0.4/Indexer/Aboutclusters

Ciao.

Giuseppe

0 Karma

PickleRick
SplunkTrust
SplunkTrust

If you read the docs, you'll get - after resolving several references - the recommended order.

Also

https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

There are some possible deviations from that order, but in general it's a best practice and that's what you should stick to.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...