Upgrade from 7.0.3 to 8.2.4

New Member

I have been thrown into upgrading our current Splunk servers.

We are running 7.0.3 and need to get to the latest 8.2.4

Is that possible or do I need to do a step plan?

My current setup is as follow:

Master (not sure it is used)
indexers (4)
searchheads (3)

Each individual server is a universal forwarder.  But we are looking at putting in intermediate UFs between the servers and the indexers.

I a new to Splunk, so not sure where all to start.  Also, how to verify licenses.

Labels (1)
0 Karma

Ultra Champion

Hi @surban ... As @richgalloway suggested, you should first upgrade to 8.0.x and then to the latest 8.2.x.

I assume indexer cluster is not used, please update us if you are using indexer cluster. 

do you use any other Splunk Apps (like Splunk DB Connect, Splunk Enterprise Security, etc),


All the best for your upgrade project, thanks. 

0 Karma


The first step is to figure if you Master Node is used or not because that will affect how the upgrade is done.  Look in $SPLUNK_HOME/etc/system/local for the [clustering] stanza.  If you see mode=master in that stanza then the MN is being used.

You'll need to upgrade to Splunk 8.0 or 8.1 before installing 8.2.4.  See

If this reply helps you, Karma would be appreciated.



a good document to getting known what you have if/when you have inherited your splunk environment

Here is instructions in which order you should update your environment

r. Ismo 

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...