Hi @chenfan ,

the impact on license is null because you pay license based on the logs that are daily indexed, so probably they will be the same.

About feature, you have many additional feature in the new Splunk version, you can read at the links I shared to see the new features and the removed features.

Put very much attention to the migration path and follow every step (even if it's very long!), because between 7 and 9 versions there were many structural changes (Pyton, mongodb, html, etc...).

Then you have also to upgrade all the apps, because some of them aren't compatible with the old app versions.

Then remember thet there's an orden in upgrading:

• Cluster Manager,
• Search Heads,
• Indexers,
• Other Splunk Servers (e.g. Deployment Server or Monitoring Console),
• Heavy Forwarders
• Universal Forwarders;

and this order must be maintained for each upgrade level (7->8 all the steps, 8->9 all the steps).

Last hint: plan all the steps in a document to be sure that you aren't forgotting any step.

As I said, it will be a very long job, and it could be a good idea, to engage a certified Splunk Architect in the design phase and eventually also in the execution phase.

Ciao.

Giuseppe

Hi @gcusello，
Thankyou for your reply, it's very helpful for me. Can it be directly upgraded from 7.2.x to 9.2.x since it is a single node?

Hi @chenfan ,

no, as I said, you have to complete the steps in upgrade for all the nodes level by level:

at first, all the nodes from 7 to 8, than the others, you cannot upgrade node by node, but all the nodes of each level of the upgrade path.

Ciao.

Giuseppe

Hello @chenfan 

You cannot do direct upgrade from 7.2.x to 9.2.x. You have to go throught version levels as @gcusello mentioned in previous post. 

Have a nice day,

Hi @chenfan ,

let us know if we can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

Hi @gcusello

Thank you for your reply！

Can I upgrade the platform from version 7.x.x to version 9.3.x and then uniformly upgrade the Apps/Add-ons to their latest versions? Will this have an impact on my system?

This is depending from those apps. You must first check which are working in which splunk versions. It’s quite probable that you need to update those also step by step as it’s quite possible that same version doesn’t work on 7.x and 9.3. Also it’s possible that some apps don’t work anymore in 9.3. Also some may need OS level updates like OS version, Java or python updates etc.

Depending of your data and integrations you should even think and plan if it’s possible to setup totally new node up with fresh install and newest apps. That could be much easier way to do version update? Of course it probably needs that you could leave the old node up and running until its data have expired. Also you must transfer license to new server and add old as a license client for it.

Hi @chenfan ,

as I said, upgrade your platform using the upgrade path described in the documentation, don't skip any step!

Then you can upgrade your apps.

Ciao.

Giuseppe

Hi, @gcusello 
Considering various factors, we have decided to directly deploy a new Splunk Enterprise 9.3.X instance. Can we directly deploy the License file to the new instance?

Hi @chenfan ,

Ok, there's no requirement on the license.

Anyway, the choose of install from scratch a new instance is a strange approach because you said to have a structured architecture with many servers and componente: in other words you want to start a new infrastructure,

I'm not sure that you save time creating from scratch the same infrastructure and copying all the apps and configurations, but it's your choose!

Ciao.

Giuseppe