Order of steps to upgrade Splunk 5.0.4/5.0.2 cluster to Splunk 6?

Ricapar
Communicator

We currently have a 6 indexer Splunk 5 cluster.

  • Cluster Master
  • Search Head #1
  • Search Head #2
  • Indexer (x6)
  • Universal Forwarders (x300-ish?)

They're all currently running Splunk 5.0.4, with the exception of the universal forwarders, which are running 5.0.2.

We'd of course like to eventually get onto Splunk 6. I'm unsure about the order in which they should be upgraded though.

To experiment with some Splunk 6 features, I set up a copy on my local machine and tried to connect it to my existing Splunk 5 cluster master as a search head, but it seems the two are incompatible, so this leads me to believe there could be other incompatibilities between the two versions that I should probably know about.

Tips? Thanks!

ChrisG
Splunk Employee

You should definitely read the Upgrade a cluster topic in the Managing Indexers and Clusters manual. All cluster nodes have to be running the same version of Splunk.

weeb
Splunk Employee

Upgrade steps in short:

These steps are for 1 SH, 1 CM, 1 FWD, 4 IDX

1) set CM in maintenance mode
2) bring down all the peers
3) bring down the master
4) upgrade everybody - don't start! (untar over existing /splunk directory)
5) start master
6) set master in maintenance mode
7) start peers
8) start search-head
9) check things (searchability from SH, show cluster-bundle-status from CM)
10) if all is well, unset maintenance mode, then start the fwd
11) test fwd / inputs
12) pantaloons
13) doubloons

0 Karma
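
The order given in the answer above, as an added shell example that is not part of the original thread. Host names, install paths, tarball locations, the `DRY_RUN` switch and the function names are assumptions; stopping the search head and forwarder before the untar is inferred from steps 4, 8 and 10.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: host names, install paths, tarballs
# already staged on each host, and working ssh plus Splunk CLI authentication.
CM="${CM:-cm01}"; SH="${SH:-sh01}"; FWD="${FWD:-fwd01}"
PEERS="${PEERS:-idx01 idx02 idx03 idx04}"
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
FWD_HOME="${FWD_HOME:-/opt/splunkforwarder}"
TARBALL="${TARBALL:-/tmp/splunk-6-PLACEHOLDER.tgz}"
FWD_TARBALL="${FWD_TARBALL:-/tmp/splunkforwarder-6-PLACEHOLDER.tgz}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the plan only, 0 = execute over ssh

# Run one command on one host; in dry-run mode print "host: command" instead.
run_on() {
  host="$1"; shift
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s: %s\n' "$host" "$*"
  else
    ssh "$host" "$*" || { echo "FAILED on $host: $*" >&2; return 1; }
  fi
}

# Run the same command on several hosts, stopping at the first failure.
run_all() {
  cmd="$1"; shift
  for h in "$@"; do run_on "$h" "$cmd" || return 1; done
}

upgrade_cluster() {
  s="$SPLUNK_HOME/bin/splunk"; f="$FWD_HOME/bin/splunk"
  start="start --accept-license --answer-yes"
  run_on "$CM" "$s enable maintenance-mode" || return 1      # step 1
  run_all "$s stop" $PEERS || return 1                       # step 2
  run_on "$CM" "$s stop" || return 1                         # step 3
  run_on "$SH" "$s stop" || return 1     # nothing may be running during the untar
  run_on "$FWD" "$f stop" || return 1
  run_all "tar -xzf $TARBALL -C ${SPLUNK_HOME%/*}" "$CM" $PEERS "$SH" || return 1  # step 4
  run_on "$FWD" "tar -xzf $FWD_TARBALL -C ${FWD_HOME%/*}" || return 1
  run_on "$CM" "$s $start" || return 1                       # step 5
  run_on "$CM" "$s enable maintenance-mode" || return 1      # step 6
  run_all "$s $start" $PEERS || return 1                     # step 7
  run_on "$SH" "$s $start" || return 1                       # step 8
  run_on "$CM" "$s show cluster-bundle-status" || return 1   # step 9 (master side)
  [ "$DRY_RUN" = "1" ] || { printf 'Searches OK from %s? [y/N] ' "$SH"; read ok; [ "$ok" = y ] || return 1; }
  run_on "$CM" "$s disable maintenance-mode" || return 1     # step 10
  run_on "$FWD" "$f $start" || return 1
}

upgrade_cluster
```

With the default `DRY_RUN=1` the script only prints the per-host command plan; step 11 (testing forwarder inputs) is left as a manual check.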

jkerai
Splunk Employee

A mix of 5.0.x and 6.0 is not supported. A 6.0 search head makes additional REST requests from the master (e.g. number of replicated copies, searchable copies of an index, etc.) that are not supported on 5.0.x, and is thus not quite compatible. I would recommend that you follow ChrisG's suggestion about reading the Upgrade a cluster topic.

Ricapar
Communicator

Thanks for the explanation.
I recall mixing v4 and v5 a while back, but clustering wasn't involved back then.

0 Karma
