Hello,
Our current setup is: Deployment Server -> Multiple Forwarders -> Universal Forwarder/Indexer-> Server
I'm looking to upgrade the Deployment Server and the Universal Forwarder/Indexer from Splunk 6.1.1 to 6.3.1 and move it to a new server, since forwarders are backwards compatible.
I'm relatively new to Splunk and wanted to know the best way to go about this and the process. Would it be simpler to upgrade Splunk to the latest version in their current server, backup, and migrate them, or backup, migrate, and upgrade them?
Any information is greatly appreciated. Thank you!
It really is that simple.
It really is that simple.
Have you checked the following? http://docs.splunk.com/Documentation/Splunk/6.3.0/Installation/HowtoupgradeSplunk
http://docs.splunk.com/Documentation/Splunk/6.3.0/Forwarding/UpgradetheNixforwarder is very interesting as you install the universal forwarder package over the existing deployment.
I have. I just wanted to know if backing up your data was really just as simple as copying your data/config and keeping it stored elsewhere during the upgrade?
I believe I have a full instance of splunk enterprise that acts as a forwarder and indexer. Is this what you consider a nix forwarder?