Splunk Cloud Platform

Upgrade Deployment server in splunk cloud

sekhar463
Path Finder

Hai All,

we are using splunk cloud platform and planning to upgrade deployment server to 9.0 to remediate vulnerability

is it required to upgrade forwarders also currently forwarder version using 8.2.4 and 8.0.0

suggest.

 

Thanks

 

Labels (1)
0 Karma
1 Solution

diogofgm
SplunkTrust
SplunkTrust

Splunk Enterprise 9.0 fixes a critical vulnerability in deployment server but might introduce problems for older deployment clients

If you run a deployment server, upgrade that server to version 9.0 of Splunk Enterprise as soon as possible. Before the upgrade, carefully review your deployment server setup and the current versions of the deployment clients in your Splunk Enterprise network. Depending on the setup of your deployment server and whether that component shares a computer with other Splunk Enterprise components, you might need to do the following to ensure your deployment server and clients communicate without problems:

  • Isolate deployment server from other components on a machine. Isolating your deployment server means you only have to upgrade that component. The sole exception for isolation is if you run a deployment server and a license manager on the same machine.
  • Confirm that all deployment clients in your network run version 7.0.0 or higher of Splunk Enterprise or the universal forwarder. You don't have to upgrade deployment clients to version 9.0.0, but they must be at version 7.0.0 or higher to communicate with version 9.0.0 deployment servers.
------------
Hope I was able to help you. If so, some karma would be appreciated.

View solution in original post

sekhar463
Path Finder

Thanks The helps.

i am not seeing this in docs can you send any more information on this 

0 Karma

diogofgm
SplunkTrust
SplunkTrust

Splunk Enterprise 9.0 fixes a critical vulnerability in deployment server but might introduce problems for older deployment clients

If you run a deployment server, upgrade that server to version 9.0 of Splunk Enterprise as soon as possible. Before the upgrade, carefully review your deployment server setup and the current versions of the deployment clients in your Splunk Enterprise network. Depending on the setup of your deployment server and whether that component shares a computer with other Splunk Enterprise components, you might need to do the following to ensure your deployment server and clients communicate without problems:

  • Isolate deployment server from other components on a machine. Isolating your deployment server means you only have to upgrade that component. The sole exception for isolation is if you run a deployment server and a license manager on the same machine.
  • Confirm that all deployment clients in your network run version 7.0.0 or higher of Splunk Enterprise or the universal forwarder. You don't have to upgrade deployment clients to version 9.0.0, but they must be at version 7.0.0 or higher to communicate with version 9.0.0 deployment servers.
------------
Hope I was able to help you. If so, some karma would be appreciated.

diogofgm
SplunkTrust
SplunkTrust

As per docs here https://docs.splunk.com/Documentation/Splunk/9.0.0/Installation/AboutupgradingREADTHISFIRST Forwarders must be v7 or higher to communicate with v9 Deployment servers

------------
Hope I was able to help you. If so, some karma would be appreciated.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...