This coming week I am going to be upgrading single box system from RHEL 7.0 to the newest 7.x version. I've never actually upgraded the OS of an existing Splunk install, but with a minor revision, I imagine it's pretty straightforward, right?
Shut down Splunk, upgrade, restart Splunk. Any gotchas I should be aware of? I have a test box I'll be running it on first but I figured I'd ask.
Do a server reboot in a Maintenance Window a week or so BEFORE you do the MW for the upgrade. You need to make sure that the reboot itself (which may never have happened before) does not cause problems. If the reboot is safe, then you know that whatever is jacked up after the upgrade is related to the upgrade, not the reboot. Be sure to check indoes, THP, auto-start of Splunk, as well as the core Splunk function.