Does anyone have any idea about the cons if we upgrade a UF on a Linux/Windows machine without stopping the Splunk service?
In the documentation it says first we need to stop the Splunk service and then install the new/higher version, like from v7.0.5 to v7.3.1.
Upgrading involves replacing a bunch of files in the install directory. You can't do that if your Splunk instance is still running.
Depending on the platform and install method, you'll either get errors from the installer, or get errors that files cannot be overwritten because they are in use.
Also, for example, on Linux, when you use the method to manually unpack a tgz archive, the first time Splunk starts after the upgrade, some actions are performed.
All-in-all: just follow the instructions and stop the UF before upgrading.
I have tried on Windows, Ubuntu and CentOS by running the installer without stopping the Splunk UF process, and it seems the installer will stop the process and then proceed with replacing the files and the upgrade steps. I haven't seen any errors in the logs after upgrading.
That could be. On Windows I know that is indeed the case; on Linux there are various installer options, while many people also just manually unpack and deploy the tgz archive. I guess that is why the docs choose the better-safe-than-sorry option and recommend stopping Splunk before installing, so there is no dependency on the particular installer being used.
Also, it is good to realize that even if the installer does it for you, the install does involve stopping and starting Splunk.