Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to upgrade multi-site indexer cluster WITH search head cluster, Splunk Enterprise 7.2 -> 7.3

aaronbarry73
Path Finder
‎12-16-2019 11:02 AM

Upgrading from 7.2.5 to 7.3.3 to mitigate the Datetime.xml problem before the new year.
I have a multi-site indexer cluster, five peers in site1, five peers in site2.
I have a search head cluster, 6 members in site1 and 4 members in site2.

If I can use the site-by-site upgrade option, then I can keep ingesting data and maintain integrity, I never have to bring down all indexers at once. However, this option doesn't seem to account for a search head cluster, where there is also a deployer to worry about.
It seems the other option is to upgrade in tiers. This option accounts for the deployer and I can do a rolling restart of the search head members, but the indexers must be brought down all at once.
Am I missing something in the docs? Or is it acceptable to somehow combine the two by nesting the site-by-site indexer upgrade within the tiered upgrade? Like this:
1. Upgrade the Cluster Master
2. Perform a rolling upgrade of the search head cluster

a. Upgrade a non-captain member
b. Upgrade the other members
c. Upgrade the deployer
d. Finalize the rolling upgrade
3. Upgrade site1 indexers
4. Upgrade site2 indexers
Thanks for any help!

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aaronbarry73
Path Finder
‎12-17-2019 10:37 AM

I think I found it. There is a link I missed in the docs for "Perform a rolling upgrade of an indexer cluster".
This document, combined with the links in the OP will work for me I think.

  1. Run Preliminary health checks
  2. Upgrade the cluster master
  3. Perform a rolling upgrade of a search head cluster
  4. Perform a rolling upgrade of an indexer cluster

I might be able to get away with bringing down the indexers one site at a time, but not sure. Instead i'll probably go one-by-one before finalizing.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aaronbarry73
Path Finder
‎12-17-2019 10:37 AM

I think I found it. There is a link I missed in the docs for "Perform a rolling upgrade of an indexer cluster".
This document, combined with the links in the OP will work for me I think.

  1. Run Preliminary health checks
  2. Upgrade the cluster master
  3. Perform a rolling upgrade of a search head cluster
  4. Perform a rolling upgrade of an indexer cluster

I might be able to get away with bringing down the indexers one site at a time, but not sure. Instead i'll probably go one-by-one before finalizing.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-17-2019 04:59 AM

I would use the approach you suggest.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...