I have been thrown into upgrading our current Splunk servers.
We are running 7.0.3 and need to get to the latest, 8.2.4.
Is that possible or do I need to do a step plan?
My current setup is as follows:
Master (not sure it is used)
Each individual server is a universal forwarder. But we are looking at putting in intermediate UFs between the servers and the indexers.
I am new to Splunk, so not sure where all to start. Also, how to verify licenses.
I assume an indexer cluster is not used; please update us if you are using an indexer cluster.
Do you use any other Splunk Apps (like Splunk DB Connect, Splunk Enterprise Security, etc.)?
All the best for your upgrade project, thanks.
The first step is to figure out if your Master Node is used or not because that will affect how the upgrade is done. Look in $SPLUNK_HOME/etc/system/local for the [clustering] stanza. If you see mode=master in that stanza then the MN is being used.
You'll need to upgrade to Splunk 8.0 or 8.1 before installing 8.2.4. See https://docs.splunk.com/Documentation/Splunk/8.2.4/Installation/HowtoupgradeSplunk#Upgrade_paths_to_...
A good document for getting to know what you have if/when you have inherited your Splunk environment: https://docs.splunk.com/Documentation/Splunk/8.2.4/InheritedDeployment/Introduction
Here are instructions on the order in which you should update your environment: https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...
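The [clustering] check described in the reply above can be scripted when there are several hosts to inspect. This is an added example, not code from the thread or from Splunk: it scans every .conf file in the directory and reports the `mode` set inside a `[clustering]` stanza. The `/opt/splunk` fallback, the function names and the sample file contents are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

STANZA_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*$")

# Constructed sample of a local config file; values are placeholders.
SAMPLE_CONF = """\
[general]
serverName = example-host

# cluster settings
[clustering]
mode = master
replication_factor = 2
"""

def clustering_modes(conf_dir):
    """Return {filename: mode} for each .conf file in conf_dir that sets
    'mode' inside a [clustering] stanza. Other stanzas are ignored."""
    found = {}
    for conf in sorted(Path(conf_dir).glob("*.conf")):
        stanza = None
        text = conf.read_text(encoding="utf-8", errors="replace")
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # blank line or comment
            header = STANZA_RE.match(line)
            if header:
                stanza = header.group("name").strip()
                continue
            if stanza == "clustering" and "=" in line:
                key, _, value = line.partition("=")
                if key.strip() == "mode":
                    found[conf.name] = value.strip().lower()
    return found

def master_node_in_use(conf_dir):
    """True when any file in conf_dir has mode=master under [clustering]."""
    return "master" in clustering_modes(conf_dir).values()

def default_conf_dir():
    # Assumption: /opt/splunk is used only when SPLUNK_HOME is not set.
    home = os.environ.get("SPLUNK_HOME", "/opt/splunk")
    return Path(home) / "etc" / "system" / "local"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "server.conf").write_text(SAMPLE_CONF)
        print(clustering_modes(tmp), master_node_in_use(tmp))
```

On a real host, pass `default_conf_dir()` instead of the temporary directory. An empty result means no [clustering] stanza sets a mode in that directory.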