I have upgraded our Splunk ent version to latest 7.0.1. For some business reason, I want to downgrade again to 6.5.2.
I found a statement like "Splunk Enterprise does not provide a means of downgrading to previous versions. If you need to revert to an older Splunk release, uninstall the upgraded version and reinstall the version you want."
I will uninstall 7.0.1 and again install 6.5.2. But I have a few questions.
Do we just backup etc folder or the enitre Splunk install directory?
Hi,
That's no big deal, and the answer is NO you won't loose your change:
1.custom config files in "local" dir (eg. system/local...)
2.App installed ans associates files
3.indexes...
But if you have modified system files whitout creating the overwritten version in local dirs, yes these changes will probably be lost.
As for an example, if you have custom limits configuration, don't modify system/defaults/limits.conf but create a new files including your setting in system/local/limits.conf
To upgrade from previous release when you installed through the tarball Archive:
1.Stop Splunk
2.Backup your current install using tar
Let's say you installed by default, splunk is installed in /opt/splunk
In terminal, go at top of splunk dir (cd /opt) and extract files (tar -xvf )
1.Start Splunk and accept changes
Also look for compatibility
http://docs.splunk.com/Documentation/Splunk/7.0.0/Forwarding/Compatibilitybetweenforwardersandindexe...
I hope this helps you!