Splunk Enterprise Security

Splunk Upgrade best methodology or approach for Enterprise and ES

rishrai
New Member

I am looking to upgrade the following, using the approach below. My question is: is this upgrade optimal and will it sustain? The storage, RAM and cores are way below Splunk recommendation for SH. Will this affect performance?

Upgrade Splunk ES from 5.0.1 to 5.2.x (latest)
Upgrade Splunk servers from 7.0.x to 7.2.4.2 (latest)

1. Take backup of all SH and Indexers
2. Make a list of apps installed in SH and indexers, check for compatibility with 7.2.4.2
    a. Identify Splunk ES customizations, and document steps that need to be configured post migration
3. Upgrade SHC https://docs.splunk.com/Documentation/Splunk/7.2.4/DistSearch/UpgradeaSHC
    a. Perform a member-by-member upgrade
4. Upgrade Indexer cluster
5. Upgrade Splunk ES 

Do you have any lessons learnt? Better method or documents?

-RR

0 Karma
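For step 2 of the plan above, one way to build the per-host app list with versions before checking compatibility; this is an added example, not part of the original post or Splunk's own tooling. It assumes each app keeps its version in the `[launcher]` stanza of `app.conf`, with `local/` overriding `default/`, and that you point it at the apps directory of the host (for example `$SPLUNK_HOME/etc/apps`). The app names and versions in the sample tree are constructed.

```python
import os, tempfile

def read_conf(path):
    """Parse a Splunk .conf file into {stanza: {key: value}}; missing file -> {}."""
    conf, stanza = {}, "default"
    if not os.path.isfile(path):
        return conf
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                stanza = line[1:-1]
            elif "=" in line:
                key, value = line.split("=", 1)
                conf.setdefault(stanza, {})[key.strip()] = value.strip()
    return conf

def app_inventory(apps_dir):
    """Return {app_dir_name: version}, local/app.conf overriding default/app.conf."""
    inventory = {}
    for name in sorted(os.listdir(apps_dir)):
        app_path = os.path.join(apps_dir, name)
        if not os.path.isdir(app_path):
            continue
        version = None
        for layer in ("default", "local"):  # later layer wins
            conf = read_conf(os.path.join(app_path, layer, "app.conf"))
            version = conf.get("launcher", {}).get("version", version)
        # Apps without a declared version need a manual compatibility check.
        inventory[name] = version or "unknown"
    return inventory

def build_sample_tree():
    """Constructed sample apps tree; app names and versions are made up."""
    root = tempfile.mkdtemp()
    samples = {
        ("SampleApp_A", "default"): "[launcher]\nversion = 5.0.1\n",
        ("sample_ta", "default"): "[launcher]\nversion = 1.0.0\n",
        ("sample_ta", "local"): "# local override\n[launcher]\nversion = 1.2.0\n",
        ("custom_app", "local"): "[ui]\nis_visible = true\n",
    }
    for (app, layer), text in samples.items():
        os.makedirs(os.path.join(root, app, layer), exist_ok=True)
        with open(os.path.join(root, app, layer, "app.conf"), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for app, version in app_inventory(build_sample_tree()).items():
        print(f"{app}\t{version}")
```

Run it against each search head and indexer and diff the outputs; entries reported as `unknown` are typically in-house apps, which is where the customizations from step 2a tend to live.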

sloshburch
Splunk Employee

Seems right. Although ES may need to be upgraded before Indexers since it's like a Search Head. I honestly am not sure but this page should address the other details: "Upgrading an indexer cluster that integrates with a search head cluster?"

0 Karma

sloshburch
Splunk Employee

Also, my peer @jmulcaster_splunk just posted "What's the order of operations for upgrading Splunk Enterprise?" which should help you.

Be sure to accept this answer if it helped you!

0 Karma

rishrai
New Member

Thanks! I will keep you posted once the upgrade is done and any lessons learnt.

0 Karma

sloshburch
Splunk Employee

Sounds good!

0 Karma