Installation

Splunk 7.0 to 8.0 Upgrade

TitanAE2020
Loves-to-Learn

Hey everyone, happy friday to you all.  I'm currently looking into upgrade our older Splunk 7.0 software to at least version 8.0 (if not higher).  But I wanted to get some advice from some users who've been through this before.

My biggest question/concern is the upgrade process itself.  Reading the documentation makes it sound simple:

1. unpacking the new version of Splunk in the same directory as the original

2. letting the migration script run

3. re-indexing our data. 

Again... seems a bit to easy.  And I've read that most people have to upgrade along these lines:

* Go to version 7.0 - 7.1 - 7.2 -7.3 - 8.0

Further more there is also ensure App and TA combability is still a thing.  Something I'm working through listing out. But because of how detailed this upgrade feels I wanted to ask the communities advice on what I should expect.  And if there are any pain points I might not be aware of going forward.

Thanks

- Titan

Labels (4)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Which document told you to re-index your data?  I've never had to do that during an upgrade.

Be sure to install and run the Splunk Upgrade Readiness app to scan your apps for potential Python 3 incompatibilities.  Address those incompatibilities (usually with an app upgrade) before or during the 8.0 installation.

---
If this reply helps you, Karma would be appreciated.

TitanAE2020
Loves-to-Learn

Tried running and re-running the Splunk Upgrade Readiness tool.  But it always times out.  Kinda annoying tbh.

 

If I can ask, what is your opinion of jumping from 7.0 to 8.0?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Others have reported problems with the readiness app.  Make sure you have the latest version and try running it on newer versions of Splunk.

Definitely move off of 7.0.  Go to 8.1 rather than 8.0.  I'm not sure if it can be done in one go or not.  Read the release notes.  I wouldn't install 8 before checking all of your apps for Python 3 compatibility.  I've seen Splunk 8 refuse to start because of an incompatible app.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...