Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to upgrade multi-site indexer cluster WITH search head cluster, Splunk Enterprise 7.2 -> 7.3

aaronbarry73
Path Finder
‎12-16-2019 11:02 AM

Upgrading from 7.2.5 to 7.3.3 to mitigate the Datetime.xml problem before the new year.
I have a multi-site indexer cluster, five peers in site1, five peers in site2.
I have a search head cluster, 6 members in site1 and 4 members in site2.

If I can use the site-by-site upgrade option, then I can keep ingesting data and maintain integrity, I never have to bring down all indexers at once. However, this option doesn't seem to account for a search head cluster, where there is also a deployer to worry about.
It seems the other option is to upgrade in tiers. This option accounts for the deployer and I can do a rolling restart of the search head members, but the indexers must be brought down all at once.
Am I missing something in the docs? Or is it acceptable to somehow combine the two by nesting the site-by-site indexer upgrade within the tiered upgrade? Like this:
1. Upgrade the Cluster Master
2. Perform a rolling upgrade of the search head cluster

a. Upgrade a non-captain member
b. Upgrade the other members
c. Upgrade the deployer
d. Finalize the rolling upgrade
3. Upgrade site1 indexers
4. Upgrade site2 indexers
Thanks for any help!

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aaronbarry73
Path Finder
‎12-17-2019 10:37 AM

I think I found it. There is a link I missed in the docs for "Perform a rolling upgrade of an indexer cluster".
This document, combined with the links in the OP will work for me I think.

  1. Run Preliminary health checks
  2. Upgrade the cluster master
  3. Perform a rolling upgrade of a search head cluster
  4. Perform a rolling upgrade of an indexer cluster

I might be able to get away with bringing down the indexers one site at a time, but not sure. Instead i'll probably go one-by-one before finalizing.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aaronbarry73
Path Finder
‎12-17-2019 10:37 AM

I think I found it. There is a link I missed in the docs for "Perform a rolling upgrade of an indexer cluster".
This document, combined with the links in the OP will work for me I think.

  1. Run Preliminary health checks
  2. Upgrade the cluster master
  3. Perform a rolling upgrade of a search head cluster
  4. Perform a rolling upgrade of an indexer cluster

I might be able to get away with bringing down the indexers one site at a time, but not sure. Instead i'll probably go one-by-one before finalizing.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-17-2019 04:59 AM

I would use the approach you suggest.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...