Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Server Update- Is it possible to restore backup file version 8.2 directly to 9.0?

yoshi99
Explorer
‎10-23-2022 08:25 PM

Hello all, I have a Splunk server update.
We have an update to our Splunk server and I am trying to figure out the workflow.
Current version 8.2.
The new server is 9.0.

I want to restore the backup files of the current version 8.2 to the new server version 9.0.
Is it possible to restore the backup file of version 8.2 directly to version 9.0?
Or, is it necessary to build a new device with version 8.2, restore it, and then upgrade to version 9.0?

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-24-2022 12:03 AM

Hi

Basically you can do it on same box, but if you want to refresh HW / OS at same time then you should follow above answer.

One thing which you must check when you are upgrading from 8.x to 9.0 is python and another mongodb. There are also some other security stuff changes which are described on Splunk's security guide.

8.1 python 2 is default (3 option), 8.2. it can by 2 or 3 (default) and in 9.0 there is only python3 left. This means that all TAs / Apps etc. must work with python3.

Mongodb will be updated to TigerShak and also engine version will be updated. But in single node environment that should handled automatic when you are doing upgrade.

Otherwise your plan seems to be ok.

r. Ismo

View solution in original post

Reply
Solved! Jump to solution

yoshi99
Explorer
‎10-23-2022 10:23 PM

Hi Sanjay Reddy

Thanks for your reply.
Your answers have been very helpful.

We have only one Splunk server.

Please let me check additionally.

I found that the configuration file can be restored from Version 8.x to Version 9.x. Can the database be restored as well? Can the database be restored as well?


-Procedure

-Version 8.x backup (old Splunk server)
Backup with Splunk service stopped.

Backup $SPLUNK_HOME/etc/ for configuration.
Backup $SPLUNK_HOME/var/lib/splunk/defaultdb for index database.
Backup other index databases as needed.

-Ver9.x restore (new Splunk server)
Restore with Splunk service stopped.
Restore configuration to $SPLUNK_HOME/etc/.
Index database is restored to $SPLUNK_HOME/var/lib/splunk/defaultdb.

Thank you in advance.

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-24-2022 12:03 AM

Hi

Basically you can do it on same box, but if you want to refresh HW / OS at same time then you should follow above answer.

One thing which you must check when you are upgrading from 8.x to 9.0 is python and another mongodb. There are also some other security stuff changes which are described on Splunk's security guide.

8.1 python 2 is default (3 option), 8.2. it can by 2 or 3 (default) and in 9.0 there is only python3 left. This means that all TAs / Apps etc. must work with python3.

Mongodb will be updated to TigerShak and also engine version will be updated. But in single node environment that should handled automatic when you are doing upgrade.

Otherwise your plan seems to be ok.

r. Ismo

Reply
Solved! Jump to solution

yoshi99
Explorer
‎10-24-2022 02:33 AM

Hi @isoutamo 

Thank you very much for your kind words.

First, I will create an environment and evaluate it.
It seems like a good idea to check.

If I have any trouble, I would like to get advice from you all.

0 Karma
Reply
Solved! Jump to solution

SanjayReddy
SplunkTrust
SplunkTrust
‎10-23-2022 10:00 PM

Hi @yoshi99 

For How many servers are you trying to Upgrade Splunk Version to 9? 

if it a single server, you can take a backup of $SPLUNK_HOME/etc/ and restore them directly on version 9 


https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/HowtoupgradeSplunk#Splunk_Enterprise...

if it is clustered envieromenet , you need to upgrade the severs based on Splunk components
 

please upgrade in following order(which I folllowed when we upraded the infra)
                   
1.Clustmaster 
2.License Master
3.Search Head
4.Indexers (enable cluster master in maintenance )

5. Deployment server

6. forwarders

for deatrlied steps for indexer upgrade please refer to
https://docs.splunk.com/Documentation/Splunk/9.0.1/Indexer/Upgradeacluster 

also please go throuth the following docs  before you upgarde to 9.0  and for upgrade related info

https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/AboutupgradingREADTHISFIRST 

https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/HowtoupgradeSplunk 

 

Regards,
Sanjay Reddy

---
If this reply helps you, Karma would be appreciated.

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.

Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...