Hello Splunk Experts,
Recently, I've been tasked to upgrade a distributed Splunk environment with the condition as follows:
There are 2 things in which I need confirmation of:
Thank you and please advise.
per this doc:
which leads you to this doc:
upgrading from version 5.0 to 6.x is not supported.
it also says to upgrade to 6.3 first and then move on to desired version.
upgrade the Search Head first then the indexer and lastly the forwarders
hope it helps
Thank you for the documentation. I read the doc and I found another link about upgrading there:
That doc also mentions about upgrade path, but it seems that you can directly upgrade UF from 5.x to 6.x (in my case to 6.5.4). Now I'm confused on what to follow. Is it possible that upgrading to 6.3 first only mandatory for Splunk Enterprise?
i guess you can go either way as its not supported.
better try to go to 6.3 first
All right. Thank you for your insight.
I guess I will try to request a development environment to test things out.