Just a quick question on Splunk Upgrade for ES
We are currently on Splunk ES v5.0.1 and Splunk Enterprise v184.108.40.206.
Now,we wanted to version upgrade to Splunk ES v5.3.1 and Splunk Enterprise v220.127.116.11.
With this, since we need to consider compatibility, do we need to upgrade to Splunk Enterprise v7.1.x first then upgrade Splunk ES App to v5.3.1, then we will upgrade to Splunk Enterprise v18.104.22.168 after? Is that correct? Or we can directly upgrade both from Splunk Enterprise v22.214.171.124 to v126.96.36.199 and Splunk ES App v5.0.1 to v5.3.1? Let me know which approach is correct.
I believe you can just upgrade directly from 7.0 to 7.2:
And then upgrade ES directly from 5.0 to 5.3:
We were on 6.63 in Enterprise and ES on 5.01. We upgraded our ClusterMaster first (to 7.2.x), then upgraded our SHC and at the same time upgraded ES to 5.3.1. After we confirmed 5.3.1 was happy, we upgraded our indexer cluster (to 7.2.x). Everything went fine after our Searchhead cluster calmed down. We had no issues with ES or our indexer cluster.
Hope this helps,
Hi BainM, does this means you have directly upgrade the Splunk Enterprise from 6.63 to v7.2.x starting with the Cluster Master, then upgraded the Splunk Enterprise version of the ES Search Head from 6.63 to v7.2.x and the ES App version from v5.0.1 to v5.3.1, and then after its good, you had upgraded the Splunk Enterprise version of the Peer Nodes/Clustered Indexers from 6.63 to v7.2.x. Is my understanding, correct?