We have Splunk Ent. (8.0) & ES.(6.4). What is a proper procedure to upgrade to Splunk Enterprise 8.2.2.1 to retain the settings & configurations we have done to ES (Enterprise Security)? What about Security Essentials we have installed. Any directions are much appreciated. Thanks a million.
Depends of what you have already done with your installation. Since you ask many questions which should be covered by any reasonable basic splunk training and seem to not put any effort into finding answers on your own, we can imagine that your servers are not managed the way they should be.
So, if you fiddled with "default" directories of the built-in apps, upgrade will overwrite your changes. If you kept your configurations in "local", nothing bad should happen.
And app upgrade is a different thing than core splunk software upgrade.