What’s the path of upgrading from 7.3.3 with ES and ITSI to 8.0?


We would like to upgrade from 7.3.3 to 8.0, having ITSI and ES. How should we go about it?

Labels (1)
Tags (4)
0 Karma

Splunk Employee
Splunk Employee

Note that 8.0 is the Python 3 release of Splunk. Whether you want to use Python 2 or 3, the order of operations and the appropriate versions of apps and add-ons are more rigid than usual. Full instructions for all upgrade scenarios with ITSI are covered here: Python 3 migration with ITSI.

Note the following:
- ITSI version 4.4.x is completely Python 2/3 compatible.
- Splunk Enterprise Security version 6.0 is compatible with Splunk Enterprise version 8.0, though it currently requires the Python 2 interpreter that ships with Splunk Enterprise 8.0.

Your upgrade path depends on whether or not you want to use Python 2 or Python 3. Regardless, because of the Python 3 migration changes, you MUST upgrade ITSI before you upgrade Splunk Enterprise, or else ITSI breaks.

Note: ITSI 4.4.x is the only version that's compatible with Splunk Enterprise version 8.0.x. See the Splunk products version compatibility matrix for more information.

A more complete manual for Python 3 migration with all premium apps (including ITSI and ES) is available in the Splunk Enterprise Python 3 Migration manual:

0 Karma