Hi all, Currently in my organisation we have medium sized Splunk instance (clustered Indexers, multiple Search Heads using pooled storage etc) running on Windows boxes. The version of Splunk installed is 6.4.1. We would like to upgrade to version 7.1 and migrate to a Linux platform - can this be done as one step (or at least without installing 6.4.1 on the new Linux platform, then upgrading to 6.5 and finally 7.1)?
I know that to upgrade from Splunk version 6.4 or below to 7.1 that you first upgrade to 6.5, then upgrade again to 7.1 - I assume this is because the format of the data in the indexes has been changed. But for the sake of saving some steps when migrating OS is there a way to migrate the data and config from the Windows 6.4.1 install to a new installed on LInux running 6.5, then once that is completed upgrade that install to 7.1?
One possible solution I thought of is just put the -manifest files from version 6.4.1 in the correct places (along with data and config) on the new Linux servers and run the 6.5 installer so it 'thinks' it's upgrading? - would this work?
Or am I going about this the wrong way - should I stand up my new LInux servers, install 7.1 immediately and import the indexes directly from version 6.4.1 on the Windows boxes? * - which seems like a long shot, it's certianly not documented anywhere I can see!*
Or should I stop looking for short cuts and just accept migrating host OS will be another step along with an upgrade to 6.5 and then to 7.1?!
Not sure if you have done this already, but I would highly encourage limiting the changes at a given time otherwise investigating issues can become impossible. Upgrade Splunk and let it sit for a while. If all is good then explore changing OS. The OS part is relatively much more extreme of a change and may require professional services.