Splunk Enterprise Security

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

santosh_scb
Path Finder

Hi Team,

We are performing Splunk ES upgrade from 4.7.1 to 5.2.0.
Post upgrade, I have few .xml, .json files that needs to be mapped to ES5.2.0
For ex: We have customized correlation_search_edit.xml in ES 4.7.1 and it was modified.
Now, that in ES 5.2.0, correlation_search_edit.xml has been changed do I need to manually merge the above customized .xml changes post upgrade of ES to 5.2.0 or I can just keep local directory as it is post upgrade from ES 4.7.1 to ES 5.2.0 . I hope you understood my query.
Currently, I am not facing any issues but was thinking if it impacts the GUI display if I won't do manual merging of correlation_search_edit.xml file post upgrade.

Similar customizations have been done for some .json objects as well (Domain_Analysis.json, Incident_Management.json, Risk.json, Application_State.json, Authentication.json...). So for all these customizations do I need to manually merge post upgrade to ES 5.2.0

We are performing PROD ES. upgrade and post upgrade I need to be sure that all dashboards and datamodels are running without any issues.
regards, Santosh

0 Karma

jawaharas
Motivator

You should refer this document - Planning an upgrade of Splunk Enterprise Security.

  • The upgrade inherits any configuration changes and files saved in the app /local and /lookups paths.
  • The upgrade maintains local changes to the menu navigation.
0 Karma

jawaharas
Motivator

@santosh_scb
If my answer helped you, please accept and/or upvote it!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...