Splunk Enterprise

Considerations to upgrade from Enterprise 9.1.1 to 9.4.2

heres1
Explorer

Considerations to upgrade from Enterprise 9.1.1 to 9.4.2, while it's also a deployment server.

0 Karma

heres1
Explorer

"Thanks a lot for the detailed info — I really appreciate it! I'm fully on board and diving into it. Great to have your attention on this. By the way, the DS server is running on Linux."

0 Karma

livehybrid
SplunkTrust

Regarding the DS specifically, have a good read of https://docs.splunk.com/Documentation/Splunk/latest/Updating/Upgradepre-9.2deploymentservers, but essentially you need to make sure that your indexers have the relevant DS indexes created, as the phone-home and other deployment data is now held here:

== indexes ==
[_dsphonehome]
[_dsclient]
[_dsappevent]

and also configure the outputs.conf to ensure that the data is saved locally on the DS too (so it can display the client info!)

== outputs.conf ==
[indexAndForward]
index = true
selectiveIndexing = true

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing
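
An added example, not part of the post above and not Splunk tooling: a Python check that an indexer's indexes.conf and the DS's outputs.conf contain the stanzas and settings listed in that post. The function names and sample file contents are constructed, and it reads one file's text rather than Splunk's merged configuration.

```python
# Stanzas and settings are the ones named in the post; sample text is constructed.
REQUIRED_INDEXES = ("_dsphonehome", "_dsclient", "_dsappevent")
REQUIRED_OUTPUTS = ("index", "selectiveIndexing")
TRUTHY = {"true", "1"}  # assumption: only these two spellings are treated as enabled

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}; no line continuations."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def check_ds_upgrade(indexes_conf, outputs_conf):
    """Return a list of findings; an empty list means both files match the post."""
    idx = parse_conf(indexes_conf)
    findings = [f"indexes.conf: missing stanza [{name}]"
                for name in REQUIRED_INDEXES if name not in idx]
    fwd = parse_conf(outputs_conf).get("indexAndForward")
    if fwd is None:
        return findings + ["outputs.conf: missing stanza [indexAndForward]"]
    for key in REQUIRED_OUTPUTS:
        got = fwd.get(key)
        if got is None:
            findings.append(f"outputs.conf: [indexAndForward] {key} not set")
        elif got.lower() not in TRUTHY:
            findings.append(f"outputs.conf: [indexAndForward] {key} = {got}")
    return findings

# Constructed sample: one DS index has not been created on the indexer.
SAMPLE_INDEXES = """\
[_dsphonehome]
[_dsclient]
"""
# Constructed sample: local indexing on, selective indexing left off.
SAMPLE_OUTPUTS = """\
[indexAndForward]
index = true
selectiveIndexing = false
"""

if __name__ == "__main__":
    for finding in check_ds_upgrade(SAMPLE_INDEXES, SAMPLE_OUTPUTS):
        print(finding)
```
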

 

livehybrid
SplunkTrust

Hi @heres1 

Confirmed by the docs, there is no need to upgrade to an intermediate version - you can upgrade directly from 9.1.x to 9.4.x.

There are quite a few differences between 9.1.1 and 9.4.2, so rather than me listing them all here, I'd recommend having a read through https://docs.splunk.com/Documentation/Splunk/9.4.2/Installation/AboutupgradingREADTHISFIRST as there may be other changes/feature deprecations that you rely on.

Most notable are probably the KVStore upgrades and SSL changes, but there are also some big Deployment Server changes, therefore it's also worth reading https://docs.splunk.com/Documentation/Splunk/latest/Updating/Upgradepre-9.2deploymentservers which details some of the changes and possible configuration changes you may have to make around your log forwarding on your DS in order to retain the visibility of the Forwarder Management / Agent Manager section.

Are you running Linux or Windows? I'm not sure of specific changes for either but happy to review this.


heres1
Explorer

Thanks for your previous guidance.

I've retried the process and made a full backup of both /opt/splunk/etc and /opt/splunk/var just in case. I then proceeded with a clean reinstallation of Splunk Enterprise version 9.4.3.

Everything seems to be working fine except for the KV Store, which is failing to start.

Upon investigation, I found that the version used previously (4.0.x) is no longer compatible with Splunk 9.4.3, which likely makes my backup of the KV Store unusable under the new version.

Additionally, even after the KV Store upgrade attempt, my Universal Forwarders still do not appear in the Forwarder Management view, even though they are actively sending data and I can see established TCP connections on port 9997.

0 Karma