Installation
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Upgrade multiple clusters splunk from 7.1.0 to 7.2.7

Chamrong
Explorer
‎07-10-2019 01:25 PM

Hi All

I have two splunk clusters. Each cluster has 2 sites
Cluster 1 Site 1: 3 Search Head, License Master, Index cluster master, 4 indexer, Deployment server, Search Head deployer/HF2, and HF1
Cluster 1 Site 2: 4 indexer, Deployment server, Warm Standby License Master, Warm Standby indexer cluster master, Search Head deployer/HF2, and HF1 (No search head in site 2)
Cluster 2 Site 1: Index cluster master, 4 indexer, Deployment server, HF2, and HF1
Cluster 2 Site 2: 4 indexer, Deployment server, HF2, and HF1

I am working on upgrading from 7.1.0 to 7.2.7. What is the sequence of upgrade?

is each cluster upgrade independently? if so, can I follow this procedure? https://docs.splunk.com/Documentation/Splunk/7.2.7/Indexer/Upgradeacluster

  1. Upgrade cluster 1
  2. Make sure all working (all host up, SF and RF are met)
  3. Upgrade cluster 2
  4. Make sure all working(all host up, SF and RF are met)

Do I have to change the index.conf of the default stanza after step 14?
[default]
tsidxWritingLevel=2

Labels (4)
Reply

Chamrong
Explorer
‎07-31-2019 10:45 AM

Hi all

I already did the upgrade. I did abit different path.

Treat each cluster separately. It is like two Splunk instants

in clustser 1, I upgrade in order of
1. Index cluster master
2. ALL search head and Indexer (all sites). It is because search head is only exist in site1. Data being ingest only from site1
3. license master, SH deployer, deploer, HF

In cluster 2,
1. Index cluster master
2. ALL indexer (because ongested from 1 site)
3. Deploer, HF

I got 8 mins downtimes, but it goes smooth.

Chamrong

Reply

BainM
Communicator
‎07-31-2019 10:50 AM

Thank you very much. Upvoted!

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-16-2019 11:25 AM

Yes, if the clusters are not talking to each other than you should be fine to follow the normal documentation. If they are not independent, let us know how they communicate to each other.

See What's the order of operations for upgrading Splunk Enterprise? for the answer.

Reply

BainM
Communicator
‎07-31-2019 10:30 AM

Hello @Chamrong -

Were you able to accomplish the upgrade using the methods you guys talk about here? Did you encounter any issues? We want to do something similar.

Thanks!
Mike

0 Karma
Reply

Chamrong
Explorer
‎07-16-2019 12:08 PM

Hi @SloshBurch
Cluster1 and Cluster2 has it's own indexer cluster master, but they share same Search Head cluster (Search Head cluster from Cluster1 search data to both Cluster 1 and Cluster2)

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-17-2019 06:45 AM

Oh ok. So check out that link I previously provided but I'm pretty sure it will show you that you merely upgrade the indexers last. Therefore, your search heads being shared will be not an issue because they will be on the latest before any cluster starts upgrading.

Does that make sense to you?

0 Karma
Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top