Installation

Why must I upgrade to 7.2 first before 8.1

Jarohnimo
Builder

Say I'm on UF version 6.2 and I want to upgrade to 8.1. splunk documentation clearly states you must go from 6.6 ---> 7.2 ----> 8.1

I have no issue understand the process, I want to understand why? Where's the documentation published by splunk that dives into the need/ reason the intermediate jump to 7.2 is there?

Why is it impossible to go from 6.6 ---> 8.1 (once again I'm not fighting the process! ) I just want to know the explanation behind as to why?

 

Thanks

Labels (1)
0 Karma
1 Solution

96nick
Communicator

Looks like this was answered on the Slack. Reposting duckfez's reply for future Googlers:


The new suite and MAC are not compatible with the old suite. Splunk instances that run version 7.2 and higher of Splunk software have been configured by default to allow inter-Splunk communication using both the new and old suites. However, if you later configure a 7.2 or higher instance to run only the new suite and MAC, inter-Splunk communication between versions that run only the old suite is not possible. You cannot configure lower versions of Splunk software to use the new suite.

Source:

https://docs.splunk.com/Documentation/Splunk/7.2.0/Security/ConfigureS2Sonnewcipher

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Jarohnimo,

I don't know why is espressly required to not perform a direct upgrade of an UF from versions before 7 to 8, but this is clearly expressed at https://docs.splunk.com/Documentation/Splunk/8.0.1/Installation/AboutupgradingREADTHISFIRST#Key_poin...probably it equally runs, you could perform a test.

Why don't you open a case to Splunk Support?

Even if I'm sure that they will answer that this is and stop!

Ciao.

Giuseppe

0 Karma

96nick
Communicator

Looks like this was answered on the Slack. Reposting duckfez's reply for future Googlers:


The new suite and MAC are not compatible with the old suite. Splunk instances that run version 7.2 and higher of Splunk software have been configured by default to allow inter-Splunk communication using both the new and old suites. However, if you later configure a 7.2 or higher instance to run only the new suite and MAC, inter-Splunk communication between versions that run only the old suite is not possible. You cannot configure lower versions of Splunk software to use the new suite.

Source:

https://docs.splunk.com/Documentation/Splunk/7.2.0/Security/ConfigureS2Sonnewcipher

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...