Installation

How to upgrade Splunk Enterprise from 7.3.X to 8.1.0 and then to 8.2.5 on Windows?

Marco-IT
Path Finder

Hi everybody,

I need to upgrade Splunk Enterprise from 7.3.X to 8.1.0 and then to 8.2.5 (Windows). 

The architecture includes:
- 1 cluster master
- 1 search head
- 2 indexers (cluster) 
- 1 deployment server
- 1 heavy forwarder
- n universal forwarders

Looking at the documentation, these are the steps to follow:

  1. Download the MSI file to the host.
  2. Double-click the MSI file. The installer runs and attempts to detect the existing version of Splunk Enterprise installed on the machine. When it locates the prior installation, it displays a panel that asks you to accept the licensing agreement.
  3. Accept the license agreement. The installer then installs the updated Splunk Enterprise. This method of upgrade retains all parameters from the existing installation. The installer restarts Splunk Enterprise services when the upgrade is complete, and places a log of the changes made to configuration files during the upgrade in %TEMP%.

Shouldn't I stop the Splunk service before? Do I only need to double-click on the installer and follow the wizard on each host? That's it? Is there something that I'm missing?

 

About Splunk apps and add-ons: I need to update some of them, should I do it before or after the Splunk upgrade?
Example: Add-on for VMware ESXi Logs is now 3.4.2 and needs to be upgraded to 4.0.3 (which doesn't support Splunk 7.X).

I think I should upgrade Splunk first, then add-ons and apps, correct?

 

Thanks in advance for any help.

0 Karma
1 Solution

gcusello
SplunkTrust

Hi @Marco-IT,

at first you have to follow an order in your activities:

  • cluster master
  • search head
  • indexers (cluster) 
  • deployment servers
  • heavy forwarder
  • universal forwarders

With special attention to the indexer cluster; for more info see https://docs.splunk.com/Documentation/Splunk/8.2.5/Indexer/Upgradeacluster

First, I suggest performing a backup of each system before upgrading.

Then, about stopping the service: it is required by the installation procedure, but when you do it the installation procedure gives a warning, so it isn't so important.

The procedure for Windows is the one you described.

About Apps and Add-Ons, before all upgrading activities, you have to perform a compatibility analysis, using the Splunk Platform Upgrade Readiness App (https://splunkbase.splunk.com/app/4698/) on your 7.x Splunk installation: this app lists the installed apps to upgrade.

Apps upgrade can be done after the second upgrade (to 8.2.5).

Only one final consideration: I have never seen a large production Splunk installation on Windows! Think about this!
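
The per-host procedure discussed above (backup, stop the service, run the MSI) can also be scripted. The PowerShell below is an added example, not part of the original posts or Splunk's own tooling; the default install path, the `Splunkd` service name, the MSI file name and the backup directory are assumptions to adjust, and the cluster-specific steps from the linked page are not covered.

```powershell
# Added example: per-host upgrade wrapper (signature check, backup, silent MSI upgrade).
# Run from an elevated PowerShell prompt on the host being upgraded.
param(
    [string]$SplunkHome = 'C:\Program Files\Splunk',                # assumed default install path
    [string]$Msi        = 'C:\Temp\splunk-8.1.0-x64-release.msi',   # placeholder file name
    [string]$BackupDir  = 'D:\SplunkBackup'                         # assumed backup location
)
$ErrorActionPreference = 'Stop'

# 1. Refuse to run an installer whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $Msi
if ($sig.Status -ne 'Valid') { throw "Installer signature status: $($sig.Status)" }
Write-Host "Installer signed by: $($sig.SignerCertificate.Subject)"

# 2. Record the version before the upgrade for later comparison.
$versionFile = Join-Path $SplunkHome 'etc\splunk.version'
Write-Host "Before upgrade:"; Get-Content $versionFile

# 3. Stop the service so the configuration backup is consistent.
Stop-Service -Name Splunkd      # assumed service name; Stop-Service waits for the stop

# 4. Back up the configuration tree (etc). Indexed data is not included here.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
$zip = Join-Path $BackupDir "etc-$env:COMPUTERNAME-$stamp.zip"
Compress-Archive -Path (Join-Path $SplunkHome 'etc') -DestinationPath $zip

# 5. Run the MSI silently and keep a verbose installer log next to the backup.
$log  = Join-Path $BackupDir "upgrade-$stamp.log"
$argList = @('/i', "`"$Msi`"", 'AGREETOLICENSE=Yes', '/quiet', '/l*v', "`"$log`"")
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $argList -Wait -PassThru

# 0 = success, 3010 = success but a reboot is required.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec exited with code $($proc.ExitCode); see $log"
}

# 6. Confirm the new version and that the service came back up.
Write-Host "After upgrade:"; Get-Content $versionFile
Get-Service -Name Splunkd | Format-Table Name, Status
```

Run it once per host and per version hop, following the tier order given in the answer.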

 


Marco-IT
Path Finder

Hi @gcusello, thank you for your answer!

Regarding the link https://docs.splunk.com/Documentation/Splunk/8.2.5/Indexer/Upgradeacluster, it seems to be about Linux; I can't find the part about Windows.

Moreover, there's a paragraph called "Upgrading an indexer cluster that does not have a custom security key?": how can I see if the cluster has a custom security key or not?

About your final consideration: I know and I've already brought it to the attention of the customer 🙂

0 Karma

gcusello
SplunkTrust

Hi @Marco-IT ,

Even if the described process is for Linux (as I said, it's difficult to find a production Windows installation!), the process is the same also for Windows; you have to use different commands (https://docs.splunk.com/Documentation/Splunk/8.2.5/Installation/UpgradeonWindows), but it's the same.

The security key is configured at the installation, so you (or your customer) should know it; anyway, you can see if it's present in [Settings -- Indexer Clustering], but almost surely it's present.

Obviously the Security Key value isn't visible, so you have to know it, but I can't help you.

About Windows, I understand 😉

Ciao.

Giuseppe
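
Besides the Settings page mentioned above, the presence of a cluster key can be checked from the command line. The PowerShell below is an added example, not part of the original replies: it parses the output of `splunk btool server list clustering --debug` and reports which file sets `pass4SymmKey` without ever printing the value. The sample lines are constructed, and treating any file outside `etc\system\default` as "custom" is an assumption.

```powershell
# Added example: report where the indexer-cluster security key is configured,
# without echoing the secret itself.
function Get-ClusterKeyStatus {
    param([string[]]$BtoolLines)

    foreach ($line in $BtoolLines) {
        # btool --debug prefixes each setting with the .conf file it was read from.
        # The lazy match copes with spaces in paths such as "C:\Program Files\...".
        if ($line -match '^(?<file>\S.*?\.conf)\s+pass4SymmKey\s*=\s*(?<val>.*)$') {
            # Copy the captures first: the -match operators below overwrite $Matches.
            $file = $Matches['file']
            $val  = $Matches['val'].Trim()
            return [pscustomobject]@{
                KeyPresent = ($val -ne '')
                SourceFile = $file
                # Assumption: any file outside etc\system\default is a site-specific setting.
                CustomFile = ($file -notmatch '\\etc\\system\\default\\')
                # Assumption: stored secrets are rewritten with a "$<digit>$" prefix once
                # splunkd has encrypted them; anything else is still plaintext on disk.
                Encrypted  = ($val -match '^\$\d+\$')
            }
        }
    }
    # No pass4SymmKey line at all in the [clustering] stanza.
    [pscustomobject]@{ KeyPresent = $false; SourceFile = $null; CustomFile = $false; Encrypted = $false }
}

# Constructed sample of btool output (placeholder host name and key value).
$sample = @(
    'C:\Program Files\Splunk\etc\system\local\server.conf   [clustering]'
    'C:\Program Files\Splunk\etc\system\local\server.conf   master_uri = https://cm.example.local:8089'
    'C:\Program Files\Splunk\etc\system\local\server.conf   mode = slave'
    'C:\Program Files\Splunk\etc\system\local\server.conf   pass4SymmKey = $7$CONSTRUCTEDPLACEHOLDER=='
    'C:\Program Files\Splunk\etc\system\default\server.conf heartbeat_period = 1'
)
Get-ClusterKeyStatus -BtoolLines $sample | Format-List

# On a real cluster member, feed it the live output instead (path is an assumption):
# $lines = & 'C:\Program Files\Splunk\bin\splunk.exe' btool server list clustering --debug
# Get-ClusterKeyStatus -BtoolLines $lines | Format-List
```

The same result on the cluster master and on every peer shows that each node has a key configured; it does not prove the values match, since the stored form cannot be compared directly.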
