Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

santosh_scb
Path Finder
‎08-30-2019 03:02 AM

Hi Team,

We are performing Splunk ES upgrade from 4.7.1 to 5.2.0.
Post upgrade, I have few .xml, .json files that needs to be mapped to ES5.2.0
For ex: We have customized correlation_search_edit.xml in ES 4.7.1 and it was modified.
Now, that in ES 5.2.0, correlation_search_edit.xml has been changed do I need to manually merge the above customized .xml changes post upgrade of ES to 5.2.0 or I can just keep local directory as it is post upgrade from ES 4.7.1 to ES 5.2.0 . I hope you understood my query.
Currently, I am not facing any issues but was thinking if it impacts the GUI display if I won't do manual merging of correlation_search_edit.xml file post upgrade.

Similar customizations have been done for some .json objects as well (Domain_Analysis.json, Incident_Management.json, Risk.json, Application_State.json, Authentication.json...). So for all these customizations do I need to manually merge post upgrade to ES 5.2.0

We are performing PROD ES. upgrade and post upgrade I need to be sure that all dashboards and datamodels are running without any issues.
regards, Santosh

0 Karma
Reply

jawaharas
Motivator
‎08-30-2019 05:36 AM

You should refer this document - Planning an upgrade of Splunk Enterprise Security.

  • The upgrade inherits any configuration changes and files saved in the app /local and /lookups paths.
  • The upgrade maintains local changes to the menu navigation.
0 Karma
Reply

jawaharas
Motivator
‎09-04-2019 06:48 PM

@santosh_scb
If my answer helped you, please accept and/or upvote it!

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...