Splunk server OS patching

nawazns5038 · ‎01-23-2019

Hi ,

I wish to patch the Linux OS for all the Splunk servers (including search heads, indexers etc). There are a lot of instances.
IS there any specific procedure to be followed or just have to be patched one by one.
Splunk version 6.5.3

Thanks

woodcock · ‎01-23-2019

You should not have to interrupt the splunk or OS core services at all to upgrade, but it depends on your distribution. It could be as simple as yum upgrade wait, test, move to the next server, and so on.

nawazns5038 · ‎01-26-2019

how about reboot after that. yum upgrade requires a reboot for sure in order to take effect of full updates.

Can we reboot multiple Splunk indexers at least at once or should it only be individual ?

woodcock · ‎01-26-2019

If you are clustered, you can do a rolling restart from the CLI. Otherwise, any indexer reboot is an outage so just do them all at once.

nawazns5038 · ‎01-23-2019

can we offline two to three splunk instances and upgrade the OS at once ??
Or is it mandatory to offline only one instance at a time ??

woodcock · ‎02-12-2019

So what did you end up doing?

Splunk server OS patching

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?

Splunk server OS patching

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI