Solved: What is procedure to upgrade universal and heavy f...

vrmandadi · ‎09-04-2019

Hello ,

We have around 13 heavy forwarders.How does the upgrade thing work , should we log into each instance and do the upgrade or is there any way to upgrade through the deployment server.The same way we have 500 + universal forwarders , what is the way to upgrade every U.F.

Thanks IN ADVANCE

masonmorales · ‎09-04-2019

Splunk does not have a native feature for performing automatic/distributed upgrades of the software. We use Ansible internally to upgrade Splunk, but some customers use Chef, Salt, or Puppet to do it. For Windows, some customers use SCCM.

View solution in original post

Vijeta · ‎09-04-2019

@vrmandadi you should not use deployment server for performing Splunk upgrade. For the Heavy forwarders it will be just like any other Splunk Enterprise instance upgrade.
For Universal forwarders on Windows and Linux you can use deployment tool for Windows like SCCM or script for Linux.
This document will be helpful for you for upgrading UF remotely. Do check for pre-requisites and whether you really need an upgrade for UFs.

https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/UpgradetheWindowsuniversalforwarder
https://docs.splunk.com/Documentation/Forwarder/7.3.1/Forwarder/Upgradethenixuniversalforwarder

masonmorales · ‎09-04-2019

Splunk does not have a native feature for performing automatic/distributed upgrades of the software. We use Ansible internally to upgrade Splunk, but some customers use Chef, Salt, or Puppet to do it. For Windows, some customers use SCCM.

pdantuuri0411 · ‎09-04-2019

Writing a script should be the most easy way to upgrade the forwarders. Splunk doesn't have an option to upgrade the forwarders automatically.

What is procedure to upgrade universal and heavy forwarders?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!