Getting Data In

In Splunk Enterprise, Is it possible to upgrade Splunk universal forwarder from 6.2 to 7.2 in one step?

hheinks
Explorer

Hello,

is it possible to Upgrade the universal forwarder in one Step from 6.2 to 7.1 or is a intermediate step (Upgrade to 6.5) required?

Splunk Enterprise: 7.0.1

Yes or No(with workaround) should be enough informations.

Greetings

1 Solution

inventsekar
Ultra Champion

ONLY for indexers -
Upgrade from versions 6.0, 6.1, 6.2, 6.3, and 6.4
If you run versions 6.0, 6.1, 6.2, 6.3, or 6.4 of Splunk Enterprise, upgrade to version 6.5 first before attempting an upgrade to version 7.1.

Upgrade universal forwarders
Upgrading universal forwarders is a different process than upgrading Splunk Enterprise. Before upgrading your universal forwarders, see the appropriate upgrade topic in the Universal Forwarder Manual for your operating system:

Steps to Upgrade a single forwarder
There are several packages that you can use to upgrade a universal forwarder. Tar files and pre-built package such as an .rpm, .deb, or .dmg file are available depending on the operating system.

If you use a .tar file to upgrade a forwarder, expand it into the same directory with the same ownership as the existing universal forwarder instance. This overwrites and replaces matching files but does not remove unique files.

If you use an RPM file, use the RPM package manager (rpm -U .rpm) from a shell prompt to perform the upgrade.

If you use a .dmg file (on MacOS), double-click it and follow the instructions. After the installation starts, specify the same installation directory as your existing installation.

On hosts that run AIX, do not use the AIX version of tar to unarchive a tar file during an upgrade. Use the GNU version of tar instead. This version comes with the AIX Toolbox for Linux Applications package that comes with a base AIX installation. If your AIX does not come with this package installed, you can download it from IBM. See IBM AIX Toolbox download information.

  1. Stop the forwarder.

$SPLUNK_HOME/bin/splunk stop
2. Install the universal forwarder package directly over the existing deployment.

  1. Start the forwarder again.

$SPLUNK_HOME/bin/splunk start
The forwarder displays the following:

 This appears to be an upgrade of Splunk.
    --------------------------------------------------------------------------------
    Splunk has detected an older version of Splunk installed on this machine. To
    finish upgrading to the new version, Splunk's installer will automatically
    update and alter your current configuration files. Deprecated configuration
    files will be renamed with a .deprecated extension.
    You can choose to preview the changes that will be made to your configuration
    files before proceeding with the migration and upgrade:
    If you want to migrate and upgrade without previewing the changes that will be
    made to your existing configuration files, choose 'y'.
    If you want to see what changes will be made before you proceed with the
    upgrade, choose 'n'.
    Perform migration and upgrade without previewing configuration changes? [y/n]
  1. Choose whether you want to run the migration preview script to see what changes will be made to your existing configuration files, or proceed with the migration and upgrade right away. If you choose to view the expected changes, the script provides a list of those changes.

  2. Once you have reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

You can complete the last three steps in one line.

To accept the license and view the expected changes (answer 'n') before continuing the upgrade:
$SPLUNK_HOME/bin/splunk start --accept-license --answer-no
To accept the license and begin the upgrade without viewing the changes (answer 'y'):
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

http://docs.splunk.com/Documentation/Forwarder/7.2.0/Forwarder/Upgradethenixuniversalforwarder

View solution in original post

0 Karma

inventsekar
Ultra Champion

ONLY for indexers -
Upgrade from versions 6.0, 6.1, 6.2, 6.3, and 6.4
If you run versions 6.0, 6.1, 6.2, 6.3, or 6.4 of Splunk Enterprise, upgrade to version 6.5 first before attempting an upgrade to version 7.1.

Upgrade universal forwarders
Upgrading universal forwarders is a different process than upgrading Splunk Enterprise. Before upgrading your universal forwarders, see the appropriate upgrade topic in the Universal Forwarder Manual for your operating system:

Steps to Upgrade a single forwarder
There are several packages that you can use to upgrade a universal forwarder. Tar files and pre-built package such as an .rpm, .deb, or .dmg file are available depending on the operating system.

If you use a .tar file to upgrade a forwarder, expand it into the same directory with the same ownership as the existing universal forwarder instance. This overwrites and replaces matching files but does not remove unique files.

If you use an RPM file, use the RPM package manager (rpm -U .rpm) from a shell prompt to perform the upgrade.

If you use a .dmg file (on MacOS), double-click it and follow the instructions. After the installation starts, specify the same installation directory as your existing installation.

On hosts that run AIX, do not use the AIX version of tar to unarchive a tar file during an upgrade. Use the GNU version of tar instead. This version comes with the AIX Toolbox for Linux Applications package that comes with a base AIX installation. If your AIX does not come with this package installed, you can download it from IBM. See IBM AIX Toolbox download information.

  1. Stop the forwarder.

$SPLUNK_HOME/bin/splunk stop
2. Install the universal forwarder package directly over the existing deployment.

  1. Start the forwarder again.

$SPLUNK_HOME/bin/splunk start
The forwarder displays the following:

 This appears to be an upgrade of Splunk.
    --------------------------------------------------------------------------------
    Splunk has detected an older version of Splunk installed on this machine. To
    finish upgrading to the new version, Splunk's installer will automatically
    update and alter your current configuration files. Deprecated configuration
    files will be renamed with a .deprecated extension.
    You can choose to preview the changes that will be made to your configuration
    files before proceeding with the migration and upgrade:
    If you want to migrate and upgrade without previewing the changes that will be
    made to your existing configuration files, choose 'y'.
    If you want to see what changes will be made before you proceed with the
    upgrade, choose 'n'.
    Perform migration and upgrade without previewing configuration changes? [y/n]
  1. Choose whether you want to run the migration preview script to see what changes will be made to your existing configuration files, or proceed with the migration and upgrade right away. If you choose to view the expected changes, the script provides a list of those changes.

  2. Once you have reviewed these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

You can complete the last three steps in one line.

To accept the license and view the expected changes (answer 'n') before continuing the upgrade:
$SPLUNK_HOME/bin/splunk start --accept-license --answer-no
To accept the license and begin the upgrade without viewing the changes (answer 'y'):
$SPLUNK_HOME/bin/splunk start --accept-license --answer-yes

http://docs.splunk.com/Documentation/Forwarder/7.2.0/Forwarder/Upgradethenixuniversalforwarder

0 Karma

hheinks
Explorer

Perfect,
Thank you @inventsekar

0 Karma

hheinks
Explorer

But if you Click on this Link:

http://docs.splunk.com/Documentation/Splunk/7.1.0/Installation/AboutupgradingREADTHISFIRST

You can See the following Point:

Upgrade paths

Splunk Enterprise supports the following upgrade paths to version 7.1 of the software:

• From version 6.5 or later to 7.1 on full Splunk Enterprise.

• From version 6.5 or later to 7.1 on Splunk universal forwarders.

If you run a version of Splunk Enterprise prior to 6.5:

  1. Upgrade from your current version to version 6.5.

  2. Upgrade to version 7.1.

See About upgrading to 6.5 - READ THIS FIRST for tips on migrating your instance to version 6.5.

Are you sure that it's possible?

gjanders
SplunkTrust
SplunkTrust
0 Karma

gjanders
SplunkTrust
SplunkTrust

As long as the forwarder / indexer versions are compatible then yes you should be able to upgrade without intermediate upgrades on a universal forwarder

However as you have correctly pointed out on the 7.1.0 READTHISFIRST document among others there is a recommendation to only go from 6.5.0 to 7.1.x or similar, I think that this should be tested if you choose to go directly from very old versions to a new version...otherwise you can just default to the steps in the documentation

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...