Hey everyone, happy friday to you all. I'm currently looking into upgrade our older Splunk 7.0 software to at least version 8.0 (if not higher). But I wanted to get some advice from some users who've been through this before.
My biggest question/concern is the upgrade process itself. Reading the documentation makes it sound simple:
1. unpacking the new version of Splunk in the same directory as the original
2. letting the migration script run
3. re-indexing our data.
Again... seems a bit to easy. And I've read that most people have to upgrade along these lines:
* Go to version 7.0 - 7.1 - 7.2 -7.3 - 8.0
Further more there is also ensure App and TA combability is still a thing. Something I'm working through listing out. But because of how detailed this upgrade feels I wanted to ask the communities advice on what I should expect. And if there are any pain points I might not be aware of going forward.
Thanks
- Titan
Which document told you to re-index your data? I've never had to do that during an upgrade.
Be sure to install and run the Splunk Upgrade Readiness app to scan your apps for potential Python 3 incompatibilities. Address those incompatibilities (usually with an app upgrade) before or during the 8.0 installation.
Tried running and re-running the Splunk Upgrade Readiness tool. But it always times out. Kinda annoying tbh.
If I can ask, what is your opinion of jumping from 7.0 to 8.0?
Others have reported problems with the readiness app. Make sure you have the latest version and try running it on newer versions of Splunk.
Definitely move off of 7.0. Go to 8.1 rather than 8.0. I'm not sure if it can be done in one go or not. Read the release notes. I wouldn't install 8 before checking all of your apps for Python 3 compatibility. I've seen Splunk 8 refuse to start because of an incompatible app.