Splunk Enterprise Security

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

santosh_scb
Path Finder

Hi Team,

We are performing a Splunk ES upgrade from 4.7.1 to 5.2.0.
Post upgrade, I have a few .xml and .json files that need to be mapped to ES 5.2.0.
For example: we have a customized correlation_search_edit.xml in ES 4.7.1, and it was modified.
Now that correlation_search_edit.xml has changed in ES 5.2.0, do I need to manually merge the above customized .xml changes after upgrading ES to 5.2.0, or can I just keep the local directory as it is after the upgrade from ES 4.7.1 to ES 5.2.0? I hope you understood my query.
Currently, I am not facing any issues, but I was wondering whether it impacts the GUI display if I don't manually merge the correlation_search_edit.xml file post upgrade.

Similar customizations have been done for some .json objects as well (Domain_Analysis.json, Incident_Management.json, Risk.json, Application_State.json, Authentication.json...). So for all these customizations, do I need to manually merge post upgrade to ES 5.2.0?

We are performing a PROD ES upgrade, and post upgrade I need to be sure that all dashboards and data models are running without any issues.
Regards, Santosh

0 Karma

jawaharas
Motivator

You should refer to this document: Planning an upgrade of Splunk Enterprise Security.

  • The upgrade inherits any configuration changes and files saved in the app /local and /lookups paths.
  • The upgrade maintains local changes to the menu navigation.
0 Karma
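
An added example, not part of the original posts and not Splunk tooling: since the upgrade keeps files under /local, this script lists each .xml or .json file in an app's local/ directory that has a counterpart at the same relative path in default/, and reports whether the two differ, so the customized copies can be reviewed against the files shipped with the new version. It assumes the standard app layout with default/ and local/ directories; the function names and the apps path in the usage comment are assumptions.

```python
#!/usr/bin/env python3
"""List local/ .xml and .json files that shadow a same-path file in default/."""
import hashlib
import sys
from pathlib import Path

SUFFIXES = {".xml", ".json"}  # the file types named in the question


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_shadowed(app_dir, suffixes=SUFFIXES):
    """Return {relative_path: status} for one app directory.

    status is 'differs', 'identical' or 'local-only' (no default/ counterpart).
    """
    app = Path(app_dir)
    local_root, default_root = app / "local", app / "default"
    result = {}
    if not local_root.is_dir():
        return result
    for local_file in local_root.rglob("*"):
        if not local_file.is_file() or local_file.suffix.lower() not in suffixes:
            continue
        rel = local_file.relative_to(local_root)
        default_file = default_root / rel
        if not default_file.is_file():
            status = "local-only"
        elif _sha256(local_file) == _sha256(default_file):
            status = "identical"
        else:
            status = "differs"
        result[rel.as_posix()] = status
    return result


def scan_apps(apps_dir):
    """Run find_shadowed over every app under an etc/apps-style directory."""
    found = {}
    for app in sorted(Path(apps_dir).iterdir()):
        shadowed = find_shadowed(app) if app.is_dir() else {}
        if shadowed:
            found[app.name] = shadowed
    return found


if __name__ == "__main__":
    # Usage: python3 shadowed.py /opt/splunk/etc/apps   (path is an assumption)
    for app_name, files in scan_apps(sys.argv[1]).items():
        for rel, status in sorted(files.items()):
            print(f"{status:<10} {app_name}/local/{rel}")
```

Running it once after the upgrade shows which local copies differ from the new defaults; those files can then be compared with a diff tool.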

jawaharas
Motivator

@santosh_scb
If my answer helped you, please accept and/or upvote it!

0 Karma