Need your advice reg. writing procedures to upgrade to for Win & Linux. Should I write one for each?


We have Splunk Ent. & ES both on Windows & RHEL (Linux). Are the procedures much different for Win vs Linux? Should I be writing one for each? Or just one procedure for our entire environment? Some of my UFs are as old as 7.2.9 all the way up to 8.0.7. Thanks a million.



Hi @SamHTexas,

you have to define a procedure to upgrade your environment (Splunk Enterprise, Enterprise Security, and all the Apps and TAs).

The upgrade procedure is one and depends on:

  • your architecture (distributed or stand-alone),
  • clusterized or not,
  • Splunk starting version (if you start from 7, you have to pass through an intermediate version, e.g. 8.0.x).

Then for Linux and Windows you have to use different commands that you can find in the online documentation.

When you define the sequence of your steps, you can find the commands to use for Windows servers and Linux servers.





Here is the general order to upgrade a Splunk environment

Of course you must first ensure that your own/additional apps and TAs are compatible with the new version and update those first if needed. 
r. Ismo
