Splunk Enterprise Security

Splunk Enterprise upgrade: Does Enterprise Security version need compatibility with old and new versions?

a_kearney
Path Finder

I am looking to upgrade Splunk Enterprise from 6.6.9 to 8.0.x. I understand this will take at least one intermediary step to Splunk 7.x.

Splunk Enterprise Security 4.7.6 is also installed on the deployment and will require updating to remain compatible. The plan is to end up with SES 6.0.x.

It seems that when upgrading SE the SES version should be compatible with the current version of SE and the version to upgrade to. https://docs.splunk.com/Documentation/Splunk/7.1.0/Installation/AboutupgradingREADTHISFIRST

My problem then comes as I can't find a version of SES that is both compatible with 6.6.x/7.0 and 7.1+, according to the matrix on this page: https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/CompatMatrix

Am I interpreting the documentation correctly? And if so what possible workarounds could be used?

Thanks

0 Karma
1 Solution

maraman_splunk
Splunk Employee

Hi

The ES app upgrade is done just after the Core upgrade in that case; see the upgrade ES doc (so when you launch ES setup, you are on a supported combination).
Please make sure you do backups and read all the known issues; in particular, you may have some files to clean up from old versions.

skalliger
SplunkTrust

Splunk 8 with ES 6.0 is not considered stable yet, and I'd not advise using those versions in production yet.
You might want to consider upgrading to Splunk Enterprise version 7.3.3 with ES 5.3.1 and go to 8.x and ES 6.x at a later point.

Skalli

a_kearney
Path Finder

Thanks.

Do you have a link to where the stable versions are listed so I can keep track?

0 Karma

skalliger
SplunkTrust

Unfortunately not. The stable versions aren't available publicly. 😕

0 Karma

a_kearney
Path Finder

Ahh, at least I know why I didn't find them in the docs while researching!

0 Karma

skalliger
SplunkTrust

Just wanted to let you know that ES 6.1.1 is considered stable now with Splunk Enterprise 8.0.3. 🙂
