Hi Team,
We are performing Splunk ES upgrade from 4.7.1 to 5.2.0.
Post upgrade, I have few .xml, .json files that needs to be mapped to ES5.2.0
For ex: We have customized correlation_search_edit.xml in ES 4.7.1 and it was modified.
Now, that in ES 5.2.0, correlation_search_edit.xml has been changed do I need to manually merge the above customized .xml changes post upgrade of ES to 5.2.0 or I can just keep local directory as it is post upgrade from ES 4.7.1 to ES 5.2.0 . I hope you understood my query.
Currently, I am not facing any issues but was thinking if it impacts the GUI display if I won't do manual merging of correlation_search_edit.xml file post upgrade.
Similar customizations have been done for some .json objects as well (Domain_Analysis.json, Incident_Management.json, Risk.json, Application_State.json, Authentication.json...). So for all these customizations do I need to manually merge post upgrade to ES 5.2.0
We are performing PROD ES. upgrade and post upgrade I need to be sure that all dashboards and datamodels are running without any issues.
regards, Santosh
You should refer this document - Planning an upgrade of Splunk Enterprise Security.
@santosh_scb
If my answer helped you, please accept and/or upvote it!