Splunk server OS patching

nawazns5038 · ‎01-23-2019

Hi ,

I wish to patch the Linux OS for all the Splunk servers (including search heads, indexers etc). There are a lot of instances.
IS there any specific procedure to be followed or just have to be patched one by one.
Splunk version 6.5.3

Thanks

woodcock · ‎01-23-2019

You should not have to interrupt the splunk or OS core services at all to upgrade, but it depends on your distribution. It could be as simple as yum upgrade wait, test, move to the next server, and so on.

nawazns5038 · ‎01-26-2019

how about reboot after that. yum upgrade requires a reboot for sure in order to take effect of full updates.

Can we reboot multiple Splunk indexers at least at once or should it only be individual ?

woodcock · ‎01-26-2019

If you are clustered, you can do a rolling restart from the CLI. Otherwise, any indexer reboot is an outage so just do them all at once.

nawazns5038 · ‎01-23-2019

can we offline two to three splunk instances and upgrade the OS at once ??
Or is it mandatory to offline only one instance at a time ??

woodcock · ‎02-12-2019

So what did you end up doing?

Splunk server OS patching

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk