Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Splunk Upgrade Query
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Upgrade Query
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Supported upgrade paths are documented here: https://docs.splunk.com/Documentation/Splunk/7.3.2/Installation/HowtoupgradeSplunk
You would upgrade to Splunk 6.6 first and then to Splunk 7.3. Note that support for Splunk 7.3 ends October 22, 2021. You should consider upgrading through Splunk 8.x if you can, but the process is complex given incompatibilities between earlier versions of forwarders and newer versions of Splunk.
Compatibility issues between Splunk 7.3 and Splunk 6.5 and earlier are noted here: https://docs.splunk.com/Documentation/Splunk/7.3.2/ReleaseNotes/Knownissues. Following the supported upgrade path will minimize the issues you encounter during the process.
Splunk 7.3.2 was released on October 2, 2019. I recommend upgrading to Splunk 6.6.11 first if 7.3.2 is your target. Also note that Splunk 7.3.3 includes a fix for timestamp extraction of dates with two digits years after 2019.
Irrespective of your upgrade path, you'll also need to maintain app/add-on compatibility throughout the process. This is difficult with older versions of Splunk given the frequency with which older apps are removed from Splunkbase. You'll need to contact Splunk support for compatible versions of common first-party apps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the info. By mistake I have upgrade one indexer from 6.4 version to 7.3.2. Will it affect any performance issue? Please confirm.
Is there anyway to rollback the version upgrade?
Also I am planning to upgrade splunk version to 8.x version from 7.3.2 by the end of this month.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It depends on your deployment architecture.
If your license master is not also 7.3, your upgraded indexer is likely having problems communicating with it.
You can downgrade by reinstalling Splunk, but if you're not careful, that could result in data loss.
I recommend contacting Splunk support for hands on assistance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have upgraded all the instance from 6.6 to 7.3.2, only one splunk indexer I have directly upgraded from 6.4 to 7.3.2, I have not seen any error in indexer cluster & license master.
Now I am going to upgrade from 7.3 to 8.x .
Just last query why splunk recommends to upgrade 6.6 version from 6.4 and then upgrade to 7.3, why can't I directly upgrade from 6.4 to 7.3 version for all the splunk instance.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
