Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to upgrade multi-site indexer cluster WITH search head cluster, Splunk Enterprise 7.2 -> 7.3

aaronbarry73
Path Finder
‎12-16-2019 11:02 AM

Upgrading from 7.2.5 to 7.3.3 to mitigate the Datetime.xml problem before the new year.
I have a multi-site indexer cluster, five peers in site1, five peers in site2.
I have a search head cluster, 6 members in site1 and 4 members in site2.

If I can use the site-by-site upgrade option, then I can keep ingesting data and maintain integrity, I never have to bring down all indexers at once. However, this option doesn't seem to account for a search head cluster, where there is also a deployer to worry about.
It seems the other option is to upgrade in tiers. This option accounts for the deployer and I can do a rolling restart of the search head members, but the indexers must be brought down all at once.
Am I missing something in the docs? Or is it acceptable to somehow combine the two by nesting the site-by-site indexer upgrade within the tiered upgrade? Like this:
1. Upgrade the Cluster Master
2. Perform a rolling upgrade of the search head cluster

a. Upgrade a non-captain member
b. Upgrade the other members
c. Upgrade the deployer
d. Finalize the rolling upgrade
3. Upgrade site1 indexers
4. Upgrade site2 indexers
Thanks for any help!

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aaronbarry73
Path Finder
‎12-17-2019 10:37 AM

I think I found it. There is a link I missed in the docs for "Perform a rolling upgrade of an indexer cluster".
This document, combined with the links in the OP will work for me I think.

  1. Run Preliminary health checks
  2. Upgrade the cluster master
  3. Perform a rolling upgrade of a search head cluster
  4. Perform a rolling upgrade of an indexer cluster

I might be able to get away with bringing down the indexers one site at a time, but not sure. Instead i'll probably go one-by-one before finalizing.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aaronbarry73
Path Finder
‎12-17-2019 10:37 AM

I think I found it. There is a link I missed in the docs for "Perform a rolling upgrade of an indexer cluster".
This document, combined with the links in the OP will work for me I think.

  1. Run Preliminary health checks
  2. Upgrade the cluster master
  3. Perform a rolling upgrade of a search head cluster
  4. Perform a rolling upgrade of an indexer cluster

I might be able to get away with bringing down the indexers one site at a time, but not sure. Instead i'll probably go one-by-one before finalizing.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-17-2019 04:59 AM

I would use the approach you suggest.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...