Dear All,
As a Splunk admin, I have earlier experience of upgrading Splunk Enterprise from version 9.1 to 9.2, which had no major changes. Now I have a challenging task: to upgrade version 8.2 to 9.0 on a clustered distributed environment. I understand this is a major upgrade, which involves enforcing changes with respect to SSL to TLS, jQuery changes, Python changes, upgrading Mongo, KV store to WiredTiger, and a bunch of deprecated functions.
Is there a complete consolidated document available for applying this upgrade? Also, I don't have a test environment to explore with. What is the advice? Kindly help me with any related doc.
My env, all Linux machines: 1 SH Dev, 3 SH PROD clustered, 4 IDX clustered, 1 deployer, 1 server (acts as deployment server, license master and cluster master), 2 heavy forwarders, and a bunch of UFs.
Please call out if I'm missing anything major.
#splunkupgradation
@PickleRick @isoutamo @tej57 Thank you all for the guidance on this! I prepared a consolidated workaround to implement based on the input provided.
TO DO:
jQuery 3 Upgrade → UI Compatibility Issues
Python 2 → Python 3 Only
MongoDB → Internal KV Store (Migrate the KV store storage engine)
Prepare KV Store for MongoDB 4.2 Backend
SSL → TLS 1.2+ Only
Deprecated DB Connect v2
Dropped OS Support CHECK
Universal Forwarder Compatibility
Deprecated/Removed Features
App Compatibility Check Required
Backup Critical Data Pre-Upgrade
Backup KV store |
Backup DB Data |
I just have a query: I currently have my environment configured with SSL. If I upgrade to version 9.0.1 from 8.2 without switching from SSL to TLS 1.2, will my environment function as it is, or will it collapse and fail?
No, it's mandatory to be with TLS for version 9.0. Can I implement TLS on version 8.2 to check if it's fine? Will it work that way?
I haven't done this migration from SSL to TLS before. I'm in a dilemma: if I experiment, it will collapse all the connections.
If I recall correctly, 8.2 works OK with TLS 1.2? Both versions 8 and 9 use the same major version of OpenSSL, so there shouldn't be any (real/unsolvable) issues when you are doing that update.
Splunk 10 is a different case, as it has updated its OpenSSL to version 3. I haven't done that update/migration yet, so I cannot say that for sure. But at least those beta instructions give some additional warnings about what you must do before that update.
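Added example, not part of the original thread and not Splunk tooling: a small audit that reads `sslVersions` settings from .conf text and reports stanzas that still permit anything older than TLS 1.2, which helps inventory what would change before enforcing TLS 1.2 on 8.2. It assumes the `sslVersions` token syntax from Splunk's conf spec files (`*` for all versions, `tls` for all TLS versions, a `-` prefix to remove one); the function names and the sample stanzas are constructed, and it does not model defaults or configuration layering.

```python
import re

ALL = ["ssl3", "tls1.0", "tls1.1", "tls1.2"]  # protocol names accepted by sslVersions
WEAK = {"ssl3", "tls1.0", "tls1.1"}           # everything below TLS 1.2

def resolve(value):
    """Expand an sslVersions expression into the set of enabled protocols."""
    enabled = set()
    for token in (t.strip().lower() for t in value.split(",") if t.strip()):
        remove = token.startswith("-")
        name = token.lstrip("-")
        if name == "*":
            group = set(ALL)
        elif name == "tls":
            group = {p for p in ALL if p.startswith("tls")}
        elif name in ALL:
            group = {name}
        else:
            continue  # token outside this list (e.g. ssl2): ignored here
        enabled = enabled - group if remove else enabled | group
    return enabled

def audit(conf_text):
    """Return {stanza: sorted weak protocols} for stanzas allowing < TLS 1.2."""
    findings, stanza = {}, "default"
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            stanza = m.group(1)
            continue
        key, _, value = line.partition("=")
        if key.strip() == "sslVersions":
            weak = resolve(value) & WEAK
            if weak:
                findings[stanza] = sorted(weak)
    return findings

# Constructed sample: stanzas of the kind found in server.conf, inputs.conf, outputs.conf
SAMPLE = """
[sslConfig]
sslVersions = *,-ssl2
[SSL]
sslVersions = tls1.2
[tcpout:indexers]
sslVersions = tls, -tls1.0
"""
```

Feed `audit()` the effective configuration (for example, saved `btool` output per conf file) rather than a single file, so inherited values are included.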
While the upgrade itself can be tricky (you must have backups, be able to roll back, there are sometimes problems with kvstore upgrade and so on), there are additional things to consider:
1) Compatibility with the OS. While you're in a deeply unsupported territory already (8.2 has been EoS for ages) and want to upgrade to a "slightly less" unsupported version (the earliest supported line is 9.2 at the moment), there is still the question of whether your target version (in this case 9.0) is supported on your operating system (9.0 requires at least a 3.x kernel or a Windows 2016 Server - 2019 preferred since 2016 was already deprecated at that point).
2) Compatibility of your apps. And this is when it gets "interesting". You must check your app versions and their compatibility with the target Splunk release. There used to be an app which was supposed to help you with this (called Upgrade Readiness App or something like that) but its output wasn't in any way complete. You still have to double-check and be prepared to update your apps if anything stops working.
One more document to read https://lantern.splunk.com/Splunk_Platform/Product_Tips/Upgrades_and_Migration/Upgrading_the_Splunk_...
Be sure that you take the needed backups (also SPLUNK_DB) so that you can roll back if needed. A full backup of all DB files could be tricky. Also take backups of the KV stores.
@tej57 already posted a link to the correct update order, which you must follow. If/when you are updating over several versions, you must start the servers after each step so the needed conversion tasks get done.
Also, before the upgrade, check that your apps etc. are compliant with the next version. Update those before the platform update.
Fix all issues before you go forward!
As Splunk has migrated its documentation from docs to help, there are some situations where you cannot find the needed documentation there. Then the Wayback Machine is your friend, where you can try to find the missing docs!
Hey @AsmaF2025,
You can go through the following documents before you upgrade the Splunk Environment -
1. Read First before Upgrade -
2. Order of Upgrade - https://docs.splunk.com/images/d/d3/Splunk_upgrade_order_of_ops.pdf
Thanks,
Tejas.
---
If the above solution helps, an upvote is appreciated..!!