Solved: Splunk 6.5.1 and Splunk Enterprise Security 4.5.1:...

brdr · ‎01-13-2017

Hi,

I know the order to upgrade Splunk components. But don't totally understand the path to upgrade from Splunk Enterprise 6.4.0 / Splunk Enterprise Security (ES) 4.1.1 to Splunk Enterprise 6.5.1 / ES 4.5.1 on the ES search head only.

Do I need to bring current ES 4.1.1 to Enterprise 6.4.4 first? Then upgrade to ES 4.5.1, then upgrade Enterprise to 6.5.1? Can anyone help? Thank you.

jwelch_splunk · ‎01-14-2017

Upgrade your core to 6.5.1

Then after you restart your search head upgrade to ES4.5.1

If it were me I would wait for 6.5.2 which should be coming soon.

It addresses a bundle replication issue and an ssl performance issue

View solution in original post

jwelch_splunk · ‎01-14-2017

Upgrade your core to 6.5.1

Then after you restart your search head upgrade to ES4.5.1

If it were me I would wait for 6.5.2 which should be coming soon.

It addresses a bundle replication issue and an ssl performance issue

sloshburch · ‎07-08-2019

For posterity, anyone who lands on this in the future may also appreciate @jmulcaster_splunk's post of an order-of-operations diagram with links to relevant documentation to help with upgrade planning. Check it out and let us know if you find it helpful. What's the order of operations for upgrading Splunk Enterprise?

brdr · ‎01-15-2017

Thank you.

Splunk 6.5.1 and Splunk Enterprise Security 4.5.1: What is upgrade path from Splunk 6.4.0 and ES 4.1.1?

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023