What’s the path of upgrading from 7.3.3 with ES an...

danielbb · ‎01-08-2020

We would like to upgrade from 7.3.3 to 8.0, having ITSI and ES. How should we go about it?

esnyder_splunk · ‎01-14-2020

Note that 8.0 is the Python 3 release of Splunk. Whether you want to use Python 2 or 3, the order of operations and the appropriate versions of apps and add-ons are more rigid than usual. Full instructions for all upgrade scenarios with ITSI are covered here: Python 3 migration with ITSI.

Note the following:
- ITSI version 4.4.x is completely Python 2/3 compatible.
- Splunk Enterprise Security version 6.0 is compatible with Splunk Enterprise version 8.0, though it currently requires the Python 2 interpreter that ships with Splunk Enterprise 8.0.

Your upgrade path depends on whether or not you want to use Python 2 or Python 3. Regardless, because of the Python 3 migration changes, you MUST upgrade ITSI before you upgrade Splunk Enterprise, or else ITSI breaks.

Note: ITSI 4.4.x is the only version that's compatible with Splunk Enterprise version 8.0.x. See the Splunk products version compatibility matrix for more information.

A more complete manual for Python 3 migration with all premium apps (including ITSI and ES) is available in the Splunk Enterprise Python 3 Migration manual: https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/AboutMigration

What’s the path of upgrading from 7.3.3 with ES and ITSI to 8.0?

upgrade

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?