Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Upgrade Query

BRG
Engager
‎05-01-2021 11:49 AM

Hello Guys,

Currently I am using splunk 6.4 version in my organization. I want to upgrade all splunk instance to 7.3.2 version. Can i directly upgrade splunk version from 6.4 to 7.3.2 ? If no then in which version should i go first & why.

Labels (2)
Labels
0 Karma
Reply

tscroggins
Influencer
‎05-02-2021 08:11 AM

@BRG 

Supported upgrade paths are documented here: https://docs.splunk.com/Documentation/Splunk/7.3.2/Installation/HowtoupgradeSplunk 

You would upgrade to Splunk 6.6 first and then to Splunk 7.3. Note that support for Splunk 7.3 ends October 22, 2021. You should consider upgrading through Splunk 8.x if you can, but the process is complex given incompatibilities between earlier versions of forwarders and newer versions of Splunk.

Compatibility issues between Splunk 7.3 and Splunk 6.5 and earlier are noted here: https://docs.splunk.com/Documentation/Splunk/7.3.2/ReleaseNotes/Knownissues. Following the supported upgrade path will minimize the issues you encounter during the process.

Splunk 7.3.2 was released on October 2, 2019. I recommend upgrading to Splunk 6.6.11 first if 7.3.2 is your target. Also note that Splunk 7.3.3 includes a fix for timestamp extraction of dates with two digits years after 2019.

Irrespective of your upgrade path, you'll also need to maintain app/add-on compatibility throughout the process. This is difficult with older versions of Splunk given the frequency with which older apps are removed from Splunkbase. You'll need to contact Splunk support for compatible versions of common first-party apps.

0 Karma
Reply

BRG
Engager
‎05-02-2021 09:25 AM

Thanks for the info. By mistake I have upgrade one indexer from 6.4 version to 7.3.2. Will it affect any performance issue? Please confirm.

Is there anyway to rollback the version upgrade?

Also I am planning to upgrade splunk version to 8.x version from 7.3.2 by the end of this month.

0 Karma
Reply

tscroggins
Influencer
‎05-02-2021 12:29 PM

@BRG 

It depends on your deployment architecture.

If your license master is not also 7.3, your upgraded indexer is likely having problems communicating with it.

You can downgrade by reinstalling Splunk, but if you're not careful, that could result in data loss.

I recommend contacting Splunk support for hands on assistance.

0 Karma
Reply

BRG
Engager
‎05-02-2021 12:56 PM

@tscroggins

 

I have upgraded all the instance from 6.6 to 7.3.2, only one splunk indexer I have directly upgraded from 6.4 to 7.3.2, I have not seen any error in indexer cluster & license master.

Now I am going to upgrade from 7.3 to 8.x .

Just last query why splunk recommends to upgrade 6.6 version from 6.4 and then upgrade to 7.3, why can't I directly upgrade from 6.4 to 7.3 version for all the splunk instance.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top