Splunk Upgrade best methodology or approach for En...

rishrai · ‎03-06-2019

I am looking to upgrade the following and the approach below. My question is this upgrade optimal and will sustain? The storage, ram and cores are way below Splunk recommendation for SH. Will this effect performance?

Upgrade Splunk ES from 5.0.1 to 5.2.x (latest)
Upgrade Splunk servers from 7.0.x to 7.2.4.2 (latest)

1. Take backup of all SH and Indexers 
2. Make a list of apps installed in SH and indexers, check for compatibility with 7.2.4.2 
    a. Identify splunk ES customizations, and document steps that needs to be configured post migration
3. Upgrade SHC https://docs.splunk.com/Documentation/Splunk/7.2.4/DistSearch/UpgradeaSHC
    a. Perform a member-by-member upgrade
4. Upgrade Indexer cluster
5. Upgrade Splunk ES

Do you have any lessons learnt? Better method or documents?

-RR

sloshburch · ‎04-04-2019

Seems right. Although ES may need to be upgrade before Indexers since it's like a Search Head. I honestly am not sure but this page should address the other details Upgrading an indexer cluster that integrates with a search head cluster?

sloshburch · ‎06-11-2019

Also, my peer @jmulcaster_splunk just posted What's the order of operations for upgrading Splunk Enterprise? which should help you.

Be sure to accept this answer if it helped you!

rishrai · ‎04-04-2019

Thanks! I will keep you posted once the upgrade is done and any lessons learnt.

sloshburch · ‎05-10-2019

Sounds good!

Splunk Upgrade best methodology or approach for Enterprise and ES

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!