Installation

Order of steps to upgrade Splunk 5.0.4/5.0.2 cluster to Splunk 6?

Communicator

We currently have a 6 indexer Splunk 5 cluster.

  • Cluster Master
  • Search Head #1
  • Search Head #2
  • Indexer (x6)
  • Universal Forwarders (x300-ish?)

They're all currently running Splunk 5.0.4, with the exception of the universal forwarders, which are running 5.0.2.

We'd of course like to eventually get onto Splunk 6. I'm unsure about the order in which they should be upgraded though.

To experiment with some Splunk 6 features, I set up a copy on my local machine and tried to connect it to my existing Splunk 5 cluster master as a search head, but it seems the two are incompatible, so this leads me to believe there could be other incompatabilites between the two versions that I should probably know about..

Tips? Thanks!

Labels (4)
1 Solution

Splunk Employee
Splunk Employee

You should definitely read the Upgrade a cluster topic in the Managing Indexers and Clusters manual. All cluster nodes have to be running the same version of Splunk.

View solution in original post

Splunk Employee
Splunk Employee

Upgrade steps in short:

These steps are for 1 SH, 1 CM, 1 FWD, 4 IDX

1) set CM in maintenance mode
2) bring down all the peers
3) bring down the master
4) upgrade everybody - don't start! (untar over existing /splunk directory)
5) start master
6) set master in maintenance mode
7) start peers
8) start search-head
9) check things (searchability from SH, show cluster-bundle-status from CM)
10) if all is well, unset maintenance mode, then start the fwd
11) test fwd / inputs
12) pantaloons
13) doubloons

0 Karma

Splunk Employee
Splunk Employee

Mix of 5.0.x and 6.0 are not supported. 6.0 search head makes additional REST requests from master, e.g. number of replicated copies, searchable copies of an index etc that are not supported on 5.0.x, thus not quite compatible. Would recommend you to follow ChrisG's suggestion about reading Upgrade a cluster topic.

Communicator

Thanks for the explination.
I recall mixing v4 and v5 a while back, but clustering wasn't involved back then.

0 Karma

Splunk Employee
Splunk Employee

You should definitely read the Upgrade a cluster topic in the Managing Indexers and Clusters manual. All cluster nodes have to be running the same version of Splunk.

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!