I am currently running SPLUNK Enterprise 6.5.1 with ES and we would like to upgrade to ES 5.0 which requires ASPLUNK Enterprise 6.6 or 7.0.
I am looking for recommended upgrade process. I have a license\deployment server, 1 search head with ES, 1 light weight forwarder and 2 indexers.
is there an order for the devices?
should I stop the splunkd from running?
can I just untar the .tgz file to /opt/splunk?
I do have a process that backsup all the custom stanzas and lookup tables.
Thanks!
Below are the steps to upgrade:
upgrade Splunk Enterprise to a compatible version. Refer:
http://docs.splunk.com/Documentation/Splunk/7.0.3/Installation/HowtoupgradeSplunk
Also for distributed environment refer: http://docs.splunk.com/Documentation/Splunk/7.0.3/Installation/UpgradeyourdistributedSplunkEnterpris...
Upgrade Splunk Enterprise Security. Refer: http://docs.splunk.com/Documentation/ES/5.0.0/Install/Upgradetonewerversion
Review, upgrade, and deploy add-ons.
Also, read docs carefully before upgrading. 🙂
is there a difference between core splunk tar file and splunk enterprise?
also my forwarder has a folder of /trvapps/splunkforwarder instead of /trvapps/splunk, so how to I tar that file into that folder?
I create a test folder and did a tar -xzf splunk-7xxx.gz from the /trvapps/test folder and it created a splunk folder, so I am guessing when I upgrade I want to be /trvapps if the splunk folder already exists?
Thanks!