Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Upgrade

santosh_hb
Explorer
‎02-19-2019 12:01 AM

Hi All,
With regards to Splunk Enterprise I have the below query:

  • I have a existing Splunk infra that has Splunk Enterprise 6.5.3 running on all the servers. It has got all the apps TA-'s configured and they are running properly in PROD. environment
  • Now, I have built a new infra (with new servers) and has got Splunk Enterprise 7.2.1 installed and configured on all the servers.

Our plan is to implement any new on-boarding of log feeds into new infra and going forward merge all the apps and TA-s that are currently running on the existing infra to the new Infra.

We have 2 approaches to take it forward:

  • Migrate all the existing configurations related to app's and TA-s from the existing infra to new infra (Splunk 7.2.1)
  • Else, upgrade the existing PROD. infra to Splunk 7.2.1 and then merge all the app's and TA-'s related to existing infra to the new infra that has already Splunk 7.2.1

So, kindly suggest which method I have to follow. If yes, then can you provide the reason for choosing the method (Justification)

regards,
Santosh

Tags (1)
0 Karma
Reply

vinod94
Contributor
‎02-22-2019 09:39 AM

Hi @santosh_hb ,

You can refer this link .

https://docs.splunk.com/Documentation/Splunk/7.2.4/Installation/HowtoupgradeSplunk#Back_up_your_exis...

hope this helps you!

0 Karma
Reply

lakshman239
Influencer
‎02-22-2019 08:58 AM

In my view, you can use either of the two approaches. Both will be fine. However, you would need to have a few considerations to decide.

  • How many servers do you have in old and new infra? is there any clustering involved?
  • what's your retention period for indexes? If its less than 6months, its better to use new infra as you can decommission the old infra [ adds costs till you decom them]. If you have a longer retention, upgrade will be better, as migrating buckets needs careful analysis and time consuming, should you run into bucket fixes/issues.
  • As you have already built the new infra and have a plans to onboard new data and have a plan to migrate them to new infra, option 2(new infra) is better.
  • what was the driving factor for building a new infra as opposed to upgrade? is that due to ageing hardware, timescales or need to on-board new data?
  • Can your new infra provide a seamless interface or better one compared to old interface to users?
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...