- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Re: upgrade Splunk 6.4 to splunk 6.5
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Currently, we have splunk 6.4 installed on our distributed enviroment. In our enviroment, we have 3 search heads, 2 indexers and 1 master server that act as licensing and deployment server and 1 heavy forwarder. We need to upgrade to Splunk 6.5. The search heads and indexers are in clustered. How do I go ahead ? What would be rollback options.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster
When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.
An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.
- splunk stop on your master
- splunk stop on Indexers and Search Heads
- Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
- replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
- splunk start on your master, confirm the migration and upgrade process, accept license if needed.
- enable the maintenance-mode on your master
- Repeat the upgrade step on all indexers and search heads
- after all peers have been upgraded and started successfully, disable the maintenance-mode
- all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.
Any more questions?
Skalli
Edit: typo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster
When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.
An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.
- splunk stop on your master
- splunk stop on Indexers and Search Heads
- Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
- replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
- splunk start on your master, confirm the migration and upgrade process, accept license if needed.
- enable the maintenance-mode on your master
- Repeat the upgrade step on all indexers and search heads
- after all peers have been upgraded and started successfully, disable the maintenance-mode
- all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.
Any more questions?
Skalli
Edit: typo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think you should start from reading the docs
https://docs.splunk.com/Documentation/Splunk/6.5.3/Installation/HowtoupgradeSplunk
And here you can find info about downgrading for Unix for example(rollback)
Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.
Mastering Threat Hunting
Harnessing Splunk’s Federated Search for Amazon S3
Infographic provides the TL;DR for the 2024 Splunk Career Impact Report
