Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk install, upgrade on different hardware

spisiakmi
Contributor
‎07-08-2025 03:35 AM

Hi,

can anybody help with this problem, please?

Old Splunk 4 is running on Windows 2016 Srv. The old Splunk 4 should be upgraded to he newest version on a new hardware with Windows 2022 Srv.

1. how to do it

2. how to migrate all data

3. how to use existing licence

????

 

Sorry, my mistake. The old version is 7.1.2.

 

Labels (2)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎07-08-2025 07:34 AM

Hi @spisiakmi 

Wow, Splunk 4! I dont really know where to start with this one, but what I would say is this sort of thing should probably be done with the assistance of Splunk Professional Services (PS).

There are so many questions and caveats here. The only "off the shelf" supported option would be to go through the official supported upgrade path for each version as @PrewinThomas has mentioned - but then you also need to balance that with the version of OS that each version is on (e.g. when do you move it from Server 2016 to 2022 and continue the upgrade path).

There are also factors like how many indexers you have and what the rest of the environment looks like, how does data get in to Splunk, and how would you manage the upgrade of any forwarders in the estate?

There are a number of places in the upgrade journey where the structure of buckets changes. e.g. around 4.1/4.2 there are changes, then again at 7.2 and 8.x which is why the upgrade process is place. Therefore I wouldnt recommend just copying them from the old to the new infrastructure.

Depending on the volume of data, one option might be to freeze out the data from your old infra and thaw it out into your new infra. This way the relevant changes are managed by Splunk. According to the docs it is possible to thaw pre 4.2 data into Splunk 9.x  - however there are warning about different architecture (is your Windows Server 2016 on 64-bit architecture?).

Would you be looking to change the Splunk architecture (e.g utilise clustering) on the new infra?

Ultimately there are a number of ways to do this, but I would strongly suggest speaking to a Splunk Partner and/or Splunk Professional Services to get this planned out.

Lastly - In order to upgrade from Splunk 4 using the upgrade path, you will need lots of old versions which are no longer publicly available, so you will need to see if support can provide these, however I believe this may be unlikely without PS involvement.

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

spisiakmi
Contributor
‎07-09-2025 12:01 AM

Hi livehybrid,

thank you very much for your advice.

Sorry, my mistake. The old version is 7.1.2.

0 Karma
Reply

PrewinThomas
Motivator
‎07-08-2025 04:34 AM

@spisiakmi 

Normal Splunk upgrade path will be,
Splunk 4.x to 6.5.x then to 7.3.x then to 8.2.x then to 9.4.x

But it will be lengthy process and each step requires installing that version and letting it upgrade your config and indexed data.

Also consider,
Since you are moving to new hardware , you can install the latest version and migrate data from old one.

Stop Splunk on the old server
Roll hot buckets to warm
Copy configs to new server -Eg: $SPLUNK_HOME/etc
Copy indexed data - Eg: $SPLUNK_HOME/var/lib/splunk
Install latest Splunk on new server
Replace the new install’s etc and var/lib/splunk with your copied folders
Start Splunk and verify.

Since you are migrating from very old version, i would recommend to test this first to make sure nothing is breaking.

Also better to raise a Support ticket to be on safer side.

Regards,
Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma
Reply

spisiakmi
Contributor
‎07-09-2025 12:01 AM

Hi Prewin27,

thank you very much for your advice.

Sorry, my mistake. The old version is 7.1.2.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...