Solved: How do I upgrade a non-clustered search head to 7....

Log_wrangler · ‎09-25-2018

I am not finding a detailed "step by step" description for upgrading a non-clustered, non-pooled, search head.

Scenario = I am removing a search head from a pool, for testing purposes. The search head is currently 6.6.3 and I want to do an in-place upgrade to 7.1.

After reviewing the docs, I inferred that I need to do the following steps:

1) /opt/splunk/bin ./splunk stop
2) /opt/splunk/bin ./splunk disable boot-start
3) download 7.1 and untar  > in /opt     tar xvzf splunk_package_name.tgz
4) set search head mode in GUI
5) edit distributedsearch.conf (point to indexer servers)
6) set license master GUI
7) restart

Am I on the right track here? Please advise.

Thanks

gjanders · ‎09-25-2018

Isn't the upgrade covered on Upgrade to 7.1 on UNIX ?

Your steps look fine, your effectively doing an upgrade then Add search peers to the search head or Search Head Configuration overview if your running an indexer cluster (which then links to Enable the search head )

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

View solution in original post

gjanders · ‎09-25-2018

Isn't the upgrade covered on Upgrade to 7.1 on UNIX ?

Your steps look fine, your effectively doing an upgrade then Add search peers to the search head or Search Head Configuration overview if your running an indexer cluster (which then links to Enable the search head )

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

Log_wrangler · ‎09-26-2018

yes I have read to the docs mentioned but I am not going to cluster it or add more than one indexer.... thank you for confirming.

How do I upgrade a non-clustered search head to 7.1?

search head

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases