Installation

upgrade Splunk 6.4 to splunk 6.5

mintughosh
Path Finder

Currently, we have splunk 6.4 installed on our distributed enviroment. In our enviroment, we have 3 search heads, 2 indexers and 1 master server that act as licensing and deployment server and 1 heavy forwarder. We need to upgrade to Splunk 6.5. The search heads and indexers are in clustered. How do I go ahead ? What would be rollback options.

Tags (1)
0 Karma
1 Solution

skalliger
Motivator

Hi,

the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster

When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.

An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.

  1. splunk stop on your master
  2. splunk stop on Indexers and Search Heads
  3. Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
  4. replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
  5. splunk start on your master, confirm the migration and upgrade process, accept license if needed.
  6. enable the maintenance-mode on your master
  7. Repeat the upgrade step on all indexers and search heads
  8. after all peers have been upgraded and started successfully, disable the maintenance-mode
  9. all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.

Any more questions?

Skalli

Edit: typo

View solution in original post

0 Karma

skalliger
Motivator

Hi,

the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster

When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.

An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.

  1. splunk stop on your master
  2. splunk stop on Indexers and Search Heads
  3. Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
  4. replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
  5. splunk start on your master, confirm the migration and upgrade process, accept license if needed.
  6. enable the maintenance-mode on your master
  7. Repeat the upgrade step on all indexers and search heads
  8. after all peers have been upgraded and started successfully, disable the maintenance-mode
  9. all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.

Any more questions?

Skalli

Edit: typo

0 Karma

andrey2007
Contributor

I think you should start from reading the docs

https://docs.splunk.com/Documentation/Splunk/6.5.3/Installation/HowtoupgradeSplunk

And here you can find info about downgrading for Unix for example(rollback)
Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...