Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Order of steps to upgrade Splunk 5.0.4/5.0.2 cluster to Splunk 6?

Ricapar
Communicator
‎10-03-2013 06:25 AM

We currently have a 6 indexer Splunk 5 cluster.

  • Cluster Master
  • Search Head #1
  • Search Head #2
  • Indexer (x6)
  • Universal Forwarders (x300-ish?)

They're all currently running Splunk 5.0.4, with the exception of the universal forwarders, which are running 5.0.2.

We'd of course like to eventually get onto Splunk 6. I'm unsure about the order in which they should be upgraded though.

To experiment with some Splunk 6 features, I set up a copy on my local machine and tried to connect it to my existing Splunk 5 cluster master as a search head, but it seems the two are incompatible, so this leads me to believe there could be other incompatabilites between the two versions that I should probably know about..

Tips? Thanks!

Labels (4)
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎10-03-2013 09:01 AM

You should definitely read the Upgrade a cluster topic in the Managing Indexers and Clusters manual. All cluster nodes have to be running the same version of Splunk.

View solution in original post

Reply
Solved! Jump to solution

weeb
Splunk Employee
Splunk Employee
‎06-25-2015 05:39 PM

Upgrade steps in short:

These steps are for 1 SH, 1 CM, 1 FWD, 4 IDX

1) set CM in maintenance mode
2) bring down all the peers
3) bring down the master
4) upgrade everybody - don't start! (untar over existing /splunk directory)
5) start master
6) set master in maintenance mode
7) start peers
8) start search-head
9) check things (searchability from SH, show cluster-bundle-status from CM)
10) if all is well, unset maintenance mode, then start the fwd
11) test fwd / inputs
12) pantaloons
13) doubloons

0 Karma
Reply
Solved! Jump to solution

jkerai
Splunk Employee
Splunk Employee
‎10-03-2013 08:13 PM

Mix of 5.0.x and 6.0 are not supported. 6.0 search head makes additional REST requests from master, e.g. number of replicated copies, searchable copies of an index etc that are not supported on 5.0.x, thus not quite compatible. Would recommend you to follow ChrisG's suggestion about reading Upgrade a cluster topic.

Reply
Solved! Jump to solution

Ricapar
Communicator
‎10-04-2013 08:39 AM

Thanks for the explination.
I recall mixing v4 and v5 a while back, but clustering wasn't involved back then.

0 Karma
Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎10-03-2013 09:01 AM

You should definitely read the Upgrade a cluster topic in the Managing Indexers and Clusters manual. All cluster nodes have to be running the same version of Splunk.

Reply
Get Updates on the Splunk Community!

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...