Splunk Enterprise

Splunk Server Update- Is it possible to restore backup file version 8.2 directly to 9.0?

yoshi99
Explorer

Hello all, I have a Splunk server update.
We have an update to our Splunk server and I am trying to figure out the workflow.
Current version 8.2.
The new server is 9.0.

I want to restore the backup files of the current version 8.2 to the new server version 9.0.
Is it possible to restore the backup file of version 8.2 directly to version 9.0?
Or, is it necessary to build a new device with version 8.2, restore it, and then upgrade to version 9.0?

1 Solution

isoutamo
SplunkTrust

Hi

Basically you can do it on the same box, but if you want to refresh HW / OS at the same time then you should follow the above answer.

One thing which you must check when you are upgrading from 8.x to 9.0 is Python, and another is MongoDB. There are also some other security-related changes, which are described in Splunk's security guide.

In 8.1 Python 2 is the default (3 is an option), in 8.2 it can be 2 or 3 (default), and in 9.0 there is only Python 3 left. This means that all TAs / apps etc. must work with Python 3.

MongoDB will be updated to TigerShak and the engine version will also be updated. But in a single-node environment that should be handled automatically when you are doing the upgrade.

Otherwise your plan seems to be ok.

r. Ismo
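
A pre-upgrade check for the Python 3 point in the answer above, as an added example that is not part of the original thread or Splunk's own tooling. It walks an apps directory such as `$SPLUNK_HOME/etc/apps`, reports `.conf` files that pin `python.version = python2`, and reports scripts that do not parse as Python 3; the app names and file contents in `build_sample` are constructed.

```python
import ast
import re
import sys
import tempfile
from pathlib import Path

# Matches a "python.version = <value>" setting anywhere in a .conf file.
PIN_RE = re.compile(r"^\s*python\.version\s*=\s*(\S+)", re.MULTILINE)

def scan_apps(apps_dir):
    """Return (app, file, problem) tuples for apps likely to break on Python 3."""
    findings = []
    for app in sorted(p for p in Path(apps_dir).iterdir() if p.is_dir()):
        # 1. Settings in default/ or local/ that explicitly pin Python 2.
        #    Other values follow the system-wide default and are not flagged.
        for conf in sorted(app.glob("*/*.conf")):
            for value in PIN_RE.findall(conf.read_text(errors="replace")):
                if value.lower() == "python2":
                    findings.append((app.name, conf.relative_to(app).as_posix(),
                                     "python.version = python2"))
        # 2. Scripts that do not parse under this (Python 3) interpreter.
        for script in sorted(app.rglob("*.py")):
            try:
                ast.parse(script.read_text(errors="replace"), filename=str(script))
            except SyntaxError as exc:
                findings.append((app.name, script.relative_to(app).as_posix(),
                                 f"syntax error at line {exc.lineno}"))
    return findings

def build_sample(root):
    """Constructed sample tree: one Python 2-only app and one clean app."""
    samples = {"TA-legacy": ("python2", "print 'polling'\n"),
               "TA-modern": ("python3", "print('polling')\n")}
    for name, (version, source) in samples.items():
        app = Path(root, name)
        (app / "default").mkdir(parents=True)
        (app / "bin").mkdir()
        (app / "default" / "inputs.conf").write_text(
            f"[script://./bin/poll.py]\npython.version = {version}\n")
        (app / "bin" / "poll.py").write_text(source)
    return root

if __name__ == "__main__":
    # Pass a real apps directory as argv[1]; otherwise scan the constructed sample.
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tmp)
        for app, path, problem in scan_apps(target):
            print(f"{app}: {path}: {problem}")
```

A clean result only shows that the scripts parse; runtime differences between Python 2 and 3 still need testing on a 9.0 test instance.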


yoshi99
Explorer

Hi Sanjay Reddy

Thanks for your reply.
Your answers have been very helpful.

We have only one Splunk server.

Please let me check additionally.

I found that the configuration file can be restored from Version 8.x to Version 9.x. Can the database be restored as well?


-Procedure

-Version 8.x backup (old Splunk server)
Backup with Splunk service stopped.

Backup $SPLUNK_HOME/etc/ for configuration.
Backup $SPLUNK_HOME/var/lib/splunk/defaultdb for index database.
Backup other index databases as needed.

-Ver9.x restore (new Splunk server)
Restore with Splunk service stopped.
Restore configuration to $SPLUNK_HOME/etc/.
Index database is restored to $SPLUNK_HOME/var/lib/splunk/defaultdb.

Thank you in advance.

yoshi99
Explorer

Hi @isoutamo 

Thank you very much for your kind words.

First, I will create an environment and evaluate it.
It seems like a good idea to check.

If I have any trouble, I would like to get advice from you all.


SanjayReddy
SplunkTrust

Hi @yoshi99 

For how many servers are you trying to upgrade the Splunk version to 9?

If it is a single server, you can take a backup of $SPLUNK_HOME/etc/ and restore it directly on version 9.

https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/HowtoupgradeSplunk#Splunk_Enterprise...

If it is a clustered environment, you need to upgrade the servers based on Splunk components.

Please upgrade in the following order (which I followed when we upgraded the infra):

1. Cluster master
2. License master
3. Search head
4. Indexers (enable cluster master in maintenance)
5. Deployment server
6. Forwarders

For detailed steps for the indexer upgrade, please refer to
https://docs.splunk.com/Documentation/Splunk/9.0.1/Indexer/Upgradeacluster 

Also, please go through the following docs before you upgrade to 9.0, and for upgrade-related info:

https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/AboutupgradingREADTHISFIRST 

https://docs.splunk.com/Documentation/Splunk/9.0.1/Installation/HowtoupgradeSplunk 

 

Regards,
Sanjay Reddy

---
If this reply helps you, Karma would be appreciated.

If your problem is resolved, then please click the "Accept as Solution" button to help future readers.
