Splunk Enterprise Security upgrade

pacifikn
Communicator

Greetings!!!

How do I upgrade from 5.3.0 to Splunk Enterprise Security version 7.0?

I have Splunk Enterprise 7.2.6.

Kindly advise and guide me on how I can upgrade it.

Thank you in advance!


richgalloway
SplunkTrust

There's an entire manual devoted to upgrading ES.  See https://docs.splunk.com/Documentation/ES/7.0.0/Install/Overview . To upgrade ES 5.x you will have to upgrade Splunk Enterprise as well.  See the compatibility matrix at https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/CompatMatrix to see which version of Splunk you'll need.

---
If this reply helps you, Karma would be appreciated.

kkrises
Path Finder

Your Splunk Enterprise version should be on at least 8.1 to upgrade to the 7.0 ES app version. Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. Splunk Enterprise version 7.1 is no longer supported as of October 31, 2020.

If you have PS support, they will guide you on the upgrade steps. We faced a few critical issues during the upgrade from 7.x to 8.x. Please refer to the "Known issues" listed by Splunk, which would help you with a successful upgrade. Please don't rush in; plan the upgrade well and then do it. Otherwise, it may cause production issues.

https://docs.splunk.com/Documentation/Splunk/8.2.4/ReleaseNotes/KnownIssues

Let me know if you need any further help in this regard. Thank you.

pacifikn
Communicator

Thank you @kkrises for your advice and guidance,

When I have downloaded the version of Splunk ES https://splunkbase.splunk.com/app/xxx/,

is this enough to upgrade Splunk ES to 7.0.0 and Splunk Enterprise (version 8.1.x - 8.2.4)?

Or do I also have to download another one for Splunk Enterprise version 8.1.x to 8.2.4?

Another question: what command should I use in the CLI, or should I use the GUI, to upgrade after getting the upgrade version file splunk-enterprise-security_700.spl?

Kindly help me: how do I upgrade it after getting this upgrade version file?

Thank you in advance

pacifikn
Communicator

Thank you dear @richgalloway for your guidance,

The only problem I still have: I have seen that there are various versions of Splunk Enterprise that are compatible with Splunk ES v7.0.0.

- May you help me with how I can upgrade Splunk Enterprise to the latest one, which is 8.2.4, and Splunk ES to 7.00?

Is it possible to upgrade Splunk Enterprise from 7.2.6 to 8.2.4?

Is it also possible to upgrade Splunk ES from 5.3.0 to 7.0.0?

If possible, may you please guide me on how to upgrade them and what the requirements are?

Kindly help me on this, because the documentation is a little bit confusing; I don't understand it well.

Thank you in advance.


richgalloway
SplunkTrust

Yes, it is possible to upgrade from 7.2.6 to 8.2.4, but that can be a breaking change.  All of your apps must be compatible with Python 3 to install Splunk 8.  Run the Upgrade Readiness app (https://splunkbase.splunk.com/app/5483/) to see if your apps are ready.  As with any upgrade, you'll want to read the Release Notes for the version you're installing as well as each intervening version to see if there are changes that affect your environment.  The Release Notes may call for special steps you must take to upgrade to that version.

Likewise for Splunk ES.  Check the Release Notes and Upgrade Instructions for each version to see which steps must be performed.

Detailed steps are too extensive for this forum and are something for which Splunk often recommends engaging Professional Services.  PS can advise the best upgrade process for your environment.

---
If this reply helps you, Karma would be appreciated.