Re: How do we upgrade all forwarders on Windows an...

jkponnuri · ‎12-29-2015

I am currently using Splunk 5.0.4 and trying to upgrade to Splunk 6.x along with all forwarders. How can I upgrade all Splunk forwarders on Windows and Linux servers in one shot? We have roughly 1000 forwarders. Any suggestions? Can I upgrade forwarders first to version 6 and later upgrade Splunk Enterprise to 6? Is that OK?

Thanks in advance...

jkat54 · ‎12-30-2015

As for how to upgrade them... You'll need to write scripts that take into account the architecture of each os, among other variables.

http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/UpgradetheWindowsforwarder
http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/UpgradetheNixforwarder
http://docs.splunk.com/Documentation/Splunk/6.1/installation/HowtoupgradeSplunk

For windows, i've used winrm and powershell remoting. For linux I've used everything from bash scripts to python.

As for compatabillity between versions:
http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Compatibilitybetweenforwardersandindexe...

How do we upgrade all forwarders on Windows and Linux in our environment from Splunk 5.0.4 to 6.x?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation