Installation

Upgrade Splunk from 7.1.x to 8.x

rahul2gupta
Path Finder

Hi @gcusello ,

We are planning to upgrade our Splunk environment from 7.1.x(current version) to 8.1 version.

We have single-instance Splunk environment. Just read in one of the doc that it needs to be in three following phases. But could not find steps/commands to upgrade it.

  1. Backup
  2. Upgradation
  3. Testing

We have a search head ( axxxxxhd01 ), Indexer ( xxxxxhd01 ) and a forwarder ( xxxxxfw01).

  1. Can you please guide us on upgrading to version 8.1 on Unix.? (Commands)
  2. Do we need to upgrade all i.e SH, Indexer and Forwarder, If yes what should be sequence to upgrade it.

Regards,

Rahul

Labels (4)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @rahul2gupta,

as @richgalloway said, you have a distributed environment, so at first see the documentation at 

https://docs.splunk.com/Documentation/Splunk/8.1.3/Installation/HowtoupgradeSplunk and at https://docs.splunk.com/Documentation/Splunk/8.1.3/Installation/UpgradeyourdistributedSplunkEnterpri...

In few words: you can upgrade in one step for each machine from 7.1 to 8.1.x, the step to follo are these:

  • check the compatibility of your apps with the new environment using the Splunk Platform Upgrade Readiness App (https://splunkbase.splunk.com/app/4698/),
  • backup the three machines,
  • upgrade at first Search Head,
  • upgrade apps;
  • upgrade Indexer,
  • upgrade Heavy Forwarder,
  • test the new environment.

Ciao.

Giuseppe

0 Karma

rahul2gupta
Path Finder

Hi @gcusello ,

Do we need to install this app to check the compatibility (https://splunkbase.splunk.com/app/4698/)

What are the commands to upgrade Splunk from 7.1 to 8.1?

Regards,

Rahul 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @rahul2gupta,

yes you have to install the Readiness App on your Search Head and also on Indexer and Heavy Forwarder if you have apps on these servers.

The app gives you a report about compatibility of the installed apps with the new version of Splunk (and Python3) so you can know which apps you have to upgrade to work on the new Splunk version.

About the Splunk upgrade, after you did a backup, you have to:

  • copy the Splunk installer on the server to upgrade,
  • run the command to update the files, if you usually use rpm it's 
rpm -U splunk-8.......rpm
  • launch Splunk:
/opt/splunk/bin/splunk start --accept-license
  • the installation procedure will ask you to confirm,
  • then it works by itself.

you can find this procedure at https://docs.splunk.com/Documentation/Splunk/8.1.3/Installation/UpgradeonUNIX

Remember, at the end, to configure your Splunk to run with Python3: https://docs.splunk.com/Documentation/Splunk/8.1.3/Installation/Python3LowEffort

Ciao.

Giuseppe

0 Karma

rahul2gupta
Path Finder

Hi @gcusello ,

I tried to upgrade my Splunk Indexer(axxxxxx) but after accepting license agreement , interface was not available so I reverted it back.

Can you please help me to understood as why it happened and now how should I upgrade it to 8.1.3?

Regards,

Rahul

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Have you already read those read me first etc. instructions where is told what you must do and ensure before updates? And have you fixed those blockers and preferably also warnings give by platform upgrade readiness app?
r. Ismo
0 Karma

rahul2gupta
Path Finder

Hi @gcusello ,

Thank you for the doc. Can you please help how to "Confirm that no other processes will automatically start Splunk Enterprise, such as a configuration management or service management tool" ?

URL: https://docs.splunk.com/Documentation/Splunk/8.1.3/Installation/UpgradeonUNIX (point no.4)

rahul2gupta_0-1618220746636.png

Regards,

Rahul

 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @rahul2gupta,

this is a strange behaviour of the installation procedure because the documented procedure says to stop Splunk before to start upgrading, but when you run the upgrade command, Splunk gives an error message that the system isn't running!

In other words that item ("confirm ...") is related to the point that Splunk must be stopped for upgrade, and you could have (and you have to check this) an automatic restart deamon, that I never saw in my experience.

Ciao.

Giuseppe

0 Karma

rahul2gupta
Path Finder

Hi @gcusello ,

Thank you for the clarification.

I was wondering, if the things do not go as expected. so what should be the Roll-back plan?

Regards,

Rahul

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @rahul2gupta,

using a unix system, the restore plan is easy:

  • stop the new Splunk instance,
  • copy the backupped splunk forder on the installation folder,
  • restart Splunk.

Anyway, it's correct to have always a roll-back plain but this is a quiet upgrade if you have all the apps for the new environment and surely you'll now have any problem.

Ciao.

Giuseppe.

0 Karma

rahul2gupta
Path Finder

Hi @gcusello ,

We installed an app "Splunk Platform Upgrade Readiness App" and scanned all the apps in our existing environment.

It shows the following output.

rahul2gupta_0-1618895565346.png

 

Query: What is blocker apps and what should be our next step?

Regards,

Rahul Gupta

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

Blocker apps are something what you must fix before update. You should see those on that report and also this report should show you some hints what is wrong with those and how to fix those.

Here is one other good link to update order of distributed environment https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent.... Unfortunately they haven't added to use of that readiness app here.

r. Ismo

0 Karma

richgalloway
SplunkTrust
SplunkTrust

If you have a separate  search head and indexer then you do not have a single-instance Splunk environment.  You have a distributed Splunk environment.

Here are the steps:

  1. Read the Release Notes for every version from the one that's running now through and including the one you wish to install.  Make a note of every special instruction or condition for upgrading to that version.
  2. For each version noted, plan to install that version before upgrading to the next.
  3. Read the Installation Manual (https://docs.splunk.com/Documentation/Splunk/8.1.3/Installation/UpgradeyourdistributedSplunkEnterpri... )
  4. Upgrade the SH, then the indexer, then the forwarder.

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...