Hi everybody,
I need to upgrade Splunk Enterprise from 7.3.X to 8.1.0 and then to 8.2.5 (Windows).
The architecture includes:
- 1 cluster master
- 1 search head
- 2 indexers (cluster)
- 1 deployment servers
- 1 heavy forwarder
- n universal forwarders
Looking at the documentation, these are the steps to follow:
Shouldn't I stop the the splunk service before? Do I only need to double click on the installer and follow the wizard on each host? That's it? Is there something that I'm missing?
About Splunk apps and add-ons: I need to update some of them, should I do it before or after the Splunk upgrade?
Example: Add-on for VMware ESXi Logs is now 3.4.2 and needs to be upgraded to 4.0.3 (which doesn't support Splunk 7.X).
I think I should upgrade Splunk first, then add-ons and apps, correct?
Thanks in advance for any help.
Hi @Marco-IT,
at first you have to follow an order in your activities:
With special attention to the Indexers cluster, for more infos see at https://docs.splunk.com/Documentation/Splunk/8.2.5/Indexer/Upgradeacluster
At first, I hint to perform a back-up of each system before upgrading.
Then, about the stop to the service: it is required by the installation procedure, but when you do it the installation procedure gives a warning, so it isn't so important.
The procedure for Windows is the one you described.
About Apps and Add-Ons, before all upgrading activities, you have to perform a compatibility analysis, using the Splunk Platform Upgrade Readiness App (https://splunkbase.splunk.com/app/4698/) on your 7.x Splunk installation: this app lists the installed app to upgrade.
Apps upgrade can be done after the second upgrade (to 8.2.5) .
Only one final consideration: I never seen large production Splunk installation on Windows! think about this!
Hi @Marco-IT,
at first you have to follow an order in your activities:
With special attention to the Indexers cluster, for more infos see at https://docs.splunk.com/Documentation/Splunk/8.2.5/Indexer/Upgradeacluster
At first, I hint to perform a back-up of each system before upgrading.
Then, about the stop to the service: it is required by the installation procedure, but when you do it the installation procedure gives a warning, so it isn't so important.
The procedure for Windows is the one you described.
About Apps and Add-Ons, before all upgrading activities, you have to perform a compatibility analysis, using the Splunk Platform Upgrade Readiness App (https://splunkbase.splunk.com/app/4698/) on your 7.x Splunk installation: this app lists the installed app to upgrade.
Apps upgrade can be done after the second upgrade (to 8.2.5) .
Only one final consideration: I never seen large production Splunk installation on Windows! think about this!
Hi @gcusello, thank you for your answer!
Regarding the link https://docs.splunk.com/Documentation/Splunk/8.2.5/Indexer/Upgradeacluster, it seems about Linux, I can't find the part about Windows.
Moreover, there's a paragraph called "Upgrading an indexer cluster that does not have a custom security key?": how can I see if the cluster has a custom security key or not?
About your final consideration: I know and I've already brought it to the attention of the customer 🙂
Hi @Marco-IT ,
even if the described process is for Linux (as I said it's difficoult to find a production Windows installation!), the process it's the same also for Windows, you have to use different commands (https://docs.splunk.com/Documentation/Splunk/8.2.5/Installation/UpgradeonWindows), but it's the same.
The security key is configured at the installation, so you (or your customer should know it) anyway, you can see if it's present in [Settings -- Indexer Clustering], bat almost surely it's present.
Obviously the Security Key value isn't visible so you have to know it but I can't help you.
About Windows, I understand 😉
Ciao.
Giuseppe