Solved: Re: Does a cluster supports multiple version of sp...

Anu · ‎02-10-2021

Hi all,

I have 3 search heads as a part of search head cluster and 5 indexers in the indexer cluster and also my search heads are also part of this indexer cluster. I'm upgrading my splunk infrastrcture from 6.63 to 7.2.Should all the search heads and indexers be upgraded at the same time or can i upgrade the search head cluster first and indexer cluster later?? The problem here is search heads are also part of indexer cluster if i upgrade the search heads will i run into problem with different versions of splunk in indexer cluster

searchhead cluster components

sh1

sh2

sh3

indexer cluster

idx1

idx2

idx3

idx4

idx5

sh1

sh2

sh3

@isoutamo

isoutamo · ‎02-10-2021

Hi

In normal situation those should be at same level. But when you are updating those there could be a situation when some part of distributed environment could be at different level.

But as you are updating from 6.6.3 to 7.2.x (you should consider to update at least 7.3.x), I afraid that you must do that update as offline all nodes at same time. After you have later versions 7.x you could do online upgrade but not now.

https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

You must read exact steps from https://docs.splunk.com/Documentation/Splunk/7.2.10/Installation/HowtoupgradeSplunk

Splunk Enterprise version 7.2 will no longer be supported as of April 30, 2021.

r. Ismo

View solution in original post

isoutamo · ‎02-10-2021

Hi

In normal situation those should be at same level. But when you are updating those there could be a situation when some part of distributed environment could be at different level.

But as you are updating from 6.6.3 to 7.2.x (you should consider to update at least 7.3.x), I afraid that you must do that update as offline all nodes at same time. After you have later versions 7.x you could do online upgrade but not now.

https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

You must read exact steps from https://docs.splunk.com/Documentation/Splunk/7.2.10/Installation/HowtoupgradeSplunk

Splunk Enterprise version 7.2 will no longer be supported as of April 30, 2021.

r. Ismo

Anu · ‎02-11-2021

So what you meant is i should upgrade the indexer cluster and search head cluster at the same time.Is it possible upgrade to 7.3.x directly from 6.6.3??

isoutamo · ‎02-11-2021

It's possible but it must do as offline update. all in one time

If I recall right this is how we done it on one of our Client environment.

r. Ismo

Anu · ‎02-11-2021

Thank you Ismo.Is it possible to upgrade from 6.6.3 to 7.3 directly??

isoutamo · ‎02-11-2021

I think that offline upgrade should work. Of course you should take backups first so if there will be any real issues, you could go back to the previous version.

r. Ismo

Anu · ‎02-11-2021

Thank you .Just a last question, How do i verify all the apps/add-ons are working fine after the upgrade??

isoutamo · ‎02-11-2021

I haven’t any general way to do it automatically. You must just check those manually if you haven’t any other way to do it.

Does a cluster supports multiple version of splunk??

Linux

source

sourcetype

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?