Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Upgrade multiple clusters splunk from 7.1.0 to 7.2.7

Chamrong
Explorer
‎07-10-2019 01:25 PM

Hi All

I have two splunk clusters. Each cluster has 2 sites
Cluster 1 Site 1: 3 Search Head, License Master, Index cluster master, 4 indexer, Deployment server, Search Head deployer/HF2, and HF1
Cluster 1 Site 2: 4 indexer, Deployment server, Warm Standby License Master, Warm Standby indexer cluster master, Search Head deployer/HF2, and HF1 (No search head in site 2)
Cluster 2 Site 1: Index cluster master, 4 indexer, Deployment server, HF2, and HF1
Cluster 2 Site 2: 4 indexer, Deployment server, HF2, and HF1

I am working on upgrading from 7.1.0 to 7.2.7. What is the sequence of upgrade?

is each cluster upgrade independently? if so, can I follow this procedure? https://docs.splunk.com/Documentation/Splunk/7.2.7/Indexer/Upgradeacluster

  1. Upgrade cluster 1
  2. Make sure all working (all host up, SF and RF are met)
  3. Upgrade cluster 2
  4. Make sure all working(all host up, SF and RF are met)

Do I have to change the index.conf of the default stanza after step 14?
[default]
tsidxWritingLevel=2

Labels (4)
Reply

Chamrong
Explorer
‎07-31-2019 10:45 AM

Hi all

I already did the upgrade. I did abit different path.

Treat each cluster separately. It is like two Splunk instants

in clustser 1, I upgrade in order of
1. Index cluster master
2. ALL search head and Indexer (all sites). It is because search head is only exist in site1. Data being ingest only from site1
3. license master, SH deployer, deploer, HF

In cluster 2,
1. Index cluster master
2. ALL indexer (because ongested from 1 site)
3. Deploer, HF

I got 8 mins downtimes, but it goes smooth.

Chamrong

Reply

BainM
Communicator
‎07-31-2019 10:50 AM

Thank you very much. Upvoted!

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-16-2019 11:25 AM

Yes, if the clusters are not talking to each other than you should be fine to follow the normal documentation. If they are not independent, let us know how they communicate to each other.

See What's the order of operations for upgrading Splunk Enterprise? for the answer.

Reply

BainM
Communicator
‎07-31-2019 10:30 AM

Hello @Chamrong -

Were you able to accomplish the upgrade using the methods you guys talk about here? Did you encounter any issues? We want to do something similar.

Thanks!
Mike

0 Karma
Reply

Chamrong
Explorer
‎07-16-2019 12:08 PM

Hi @SloshBurch
Cluster1 and Cluster2 has it's own indexer cluster master, but they share same Search Head cluster (Search Head cluster from Cluster1 search data to both Cluster 1 and Cluster2)

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎07-17-2019 06:45 AM

Oh ok. So check out that link I previously provided but I'm pretty sure it will show you that you merely upgrade the indexers last. Therefore, your search heads being shared will be not an issue because they will be on the latest before any cluster starts upgrading.

Does that make sense to you?

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...