Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk 7.0 to 8.0 Upgrade

TitanAE2020
Loves-to-Learn
‎03-05-2021 04:05 PM

Hey everyone, happy friday to you all.  I'm currently looking into upgrade our older Splunk 7.0 software to at least version 8.0 (if not higher).  But I wanted to get some advice from some users who've been through this before.

My biggest question/concern is the upgrade process itself.  Reading the documentation makes it sound simple:

1. unpacking the new version of Splunk in the same directory as the original

2. letting the migration script run

3. re-indexing our data. 

Again... seems a bit to easy.  And I've read that most people have to upgrade along these lines:

* Go to version 7.0 - 7.1 - 7.2 -7.3 - 8.0

Further more there is also ensure App and TA combability is still a thing.  Something I'm working through listing out. But because of how detailed this upgrade feels I wanted to ask the communities advice on what I should expect.  And if there are any pain points I might not be aware of going forward.

Thanks

- Titan

Labels (4)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-05-2021 05:25 PM

Which document told you to re-index your data?  I've never had to do that during an upgrade.

Be sure to install and run the Splunk Upgrade Readiness app to scan your apps for potential Python 3 incompatibilities.  Address those incompatibilities (usually with an app upgrade) before or during the 8.0 installation.

---
If this reply helps you, Karma would be appreciated.
Reply

TitanAE2020
Loves-to-Learn
‎03-08-2021 12:22 PM

Tried running and re-running the Splunk Upgrade Readiness tool.  But it always times out.  Kinda annoying tbh.

 

If I can ask, what is your opinion of jumping from 7.0 to 8.0?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-09-2021 05:53 AM

Others have reported problems with the readiness app.  Make sure you have the latest version and try running it on newer versions of Splunk.

Definitely move off of 7.0.  Go to 8.1 rather than 8.0.  I'm not sure if it can be done in one go or not.  Read the release notes.  I wouldn't install 8 before checking all of your apps for Python 3 compatibility.  I've seen Splunk 8 refuse to start because of an incompatible app.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...