Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

upgrade Splunk 6.4 to splunk 6.5

mintughosh
Path Finder
‎05-28-2017 07:42 PM

Currently, we have splunk 6.4 installed on our distributed enviroment. In our enviroment, we have 3 search heads, 2 indexers and 1 master server that act as licensing and deployment server and 1 heavy forwarder. We need to upgrade to Splunk 6.5. The search heads and indexers are in clustered. How do I go ahead ? What would be rollback options.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

skalliger
Motivator
‎05-29-2017 12:47 AM

Hi,

the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster

When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.

An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.

  1. splunk stop on your master
  2. splunk stop on Indexers and Search Heads
  3. Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
  4. replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
  5. splunk start on your master, confirm the migration and upgrade process, accept license if needed.
  6. enable the maintenance-mode on your master
  7. Repeat the upgrade step on all indexers and search heads
  8. after all peers have been upgraded and started successfully, disable the maintenance-mode
  9. all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.

Any more questions?

Skalli

Edit: typo

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

skalliger
Motivator
‎05-29-2017 12:47 AM

Hi,

the upgrading process for indexer clusters is described here: http://docs.splunk.com/Documentation/Splunk/6.5.2/Indexer/Upgradeacluster

When you want do an upgrade, you can not do a rolling-update which means you need to upgrade all instances before bringing them back online.

An upgrade is simply replacing the files in your installation destination (like /opt/splunk/). So, a simple backup would be to backup your splunk directory before upgrading.

  1. splunk stop on your master
  2. splunk stop on Indexers and Search Heads
  3. Upgrade your master (http://docs.splunk.com/Documentation/Splunk/6.5.2/Installation/Upgradeto6.5onUNIX)
  4. replace files from the release in your installation directory on your master (e.g. tar zxf splunk-6.x.x-.tgz -C /opt/)
  5. splunk start on your master, confirm the migration and upgrade process, accept license if needed.
  6. enable the maintenance-mode on your master
  7. Repeat the upgrade step on all indexers and search heads
  8. after all peers have been upgraded and started successfully, disable the maintenance-mode
  9. all peers must be on the same maintenance level (e.g. 6.5.2) and must not be a higher version than your master.

Any more questions?

Skalli

Edit: typo

0 Karma
Reply
Solved! Jump to solution

andrey2007
Contributor
‎05-29-2017 12:47 AM

I think you should start from reading the docs

https://docs.splunk.com/Documentation/Splunk/6.5.3/Installation/HowtoupgradeSplunk

And here you can find info about downgrading for Unix for example(rollback)
Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want.

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...