Installation

upgrade Splunk 6.4 to splunk 6.5

mintughosh
Path Finder

Currently, we have splunk 6.4 installed on our distributed enviroment. In our enviroment, we have 3 search heads, 2 indexers and 1 master server that act as licensing and deployment server and 1 heavy forwarder. We need to upgrade to Splunk 6.5. The search heads and indexers are in clustered. How do I go ahead ? What would be rollback options.

Tags (1)
0 Karma
1 Solution

skalliger
SplunkTrust
SplunkTrust

Hi,

the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster

When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.

An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.

  1. splunk stop on your master
  2. splunk stop on Indexers and Search Heads
  3. Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
  4. replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
  5. splunk start on your master, confirm the migration and upgrade process, accept license if needed.
  6. enable the maintenance-mode on your master
  7. Repeat the upgrade step on all indexers and search heads
  8. after all peers have been upgraded and started successfully, disable the maintenance-mode
  9. all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.

Any more questions?

Skalli

Edit: typo

View solution in original post

0 Karma

skalliger
SplunkTrust
SplunkTrust

Hi,

the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster

When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.

An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.

  1. splunk stop on your master
  2. splunk stop on Indexers and Search Heads
  3. Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
  4. replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
  5. splunk start on your master, confirm the migration and upgrade process, accept license if needed.
  6. enable the maintenance-mode on your master
  7. Repeat the upgrade step on all indexers and search heads
  8. after all peers have been upgraded and started successfully, disable the maintenance-mode
  9. all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.

Any more questions?

Skalli

Edit: typo

0 Karma

andrey2007
Contributor

I think you should start from reading the docs

https://docs.splunk.com/Documentation/Splunk/6.5.3/Installation/HowtoupgradeSplunk

And here you can find info about downgrading for Unix for example(rollback)
Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.

0 Karma
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...