- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Re: Splunk upgrade from 7.x to 8.x
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear All,
We have splunk environment consisting of :
Search head cluster (v7.33)
Index cluster (v7.0)
Deployment Server (v7.0)
Heavy Forwarders (v7.0 and v 6.6)
Deployer (v7.0)
We are planning to upgrade the environment to latest version. What should be the approach for the upgrade and what should be the sequence of upgrade. Also how can I check whether all of my installed apps are compatible with Splunk 8.x
Thanks.
Regards,
Abhi
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi sahabhi606,
In terms of steps:
1. Test your apps and make sure they are compatible with 8.0 (you need to go to Splunk base and check if they are compatible)
2. Upgrade Deployment Server (disable it first, then upgrade, do not restart it yet)
3. Upgrade Search Heads
4. Upgrade Indexers (once completed you can now restart your deployment server)
5. Upgrade Forwarders
While upgrading the indexer cluster follows steps mentioned in:
https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Upgradeacluster
While upgrading the search cluster follows steps mentioned in:
https://docs.splunk.com/Documentation/Splunk/8.0.1/DistSearch/UpgradeaSHC
For more info:
https://docs.splunk.com/Documentation/Splunk/8.0.1/Installation/UpgradeyourdistributedSplunkEnterpri...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi sahabhi606,
In terms of steps:
1. Test your apps and make sure they are compatible with 8.0 (you need to go to Splunk base and check if they are compatible)
2. Upgrade Deployment Server (disable it first, then upgrade, do not restart it yet)
3. Upgrade Search Heads
4. Upgrade Indexers (once completed you can now restart your deployment server)
5. Upgrade Forwarders
While upgrading the indexer cluster follows steps mentioned in:
https://docs.splunk.com/Documentation/Splunk/8.0.1/Indexer/Upgradeacluster
While upgrading the search cluster follows steps mentioned in:
https://docs.splunk.com/Documentation/Splunk/8.0.1/DistSearch/UpgradeaSHC
For more info:
https://docs.splunk.com/Documentation/Splunk/8.0.1/Installation/UpgradeyourdistributedSplunkEnterpri...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For step 1, would looking at the app's compatibility to the upgraded version be sufficient?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have the same basic layout minus the heavy forwarders and all at v7.2.1 we want to go to latest as well but I need to have an idea of how long these steps will take and if there is any data modification for the new version of Splunk Enterprise. Can you give me an idea?
1 cluster master server
1deployment master server
1deploy server
1 multisite cluster of 3 indexers in site 1 and 2 indexers in site 2. so a total of 5 indexers.
2 search heads in a cluster behind a load balancer
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
