Splunk Enterprise


Path Finder

Hi Splunkers!

This is a scenario that I came across recently, Could anyone provide me an answer.

Scenario: You are upgrading Splunk Core, ES and ITSI in a hybrid environment. The on-prem portion is mostly focused towards ingestion (HFs, deployment, intermediaries) while the core Splunk application based on AWS. On-Prem and AWS use different technology stacks.

1) What is your approach to upgrading CORE, ES and ITSI with minimal interruption to customer experience?

2) What order would you upgrade Core, ES and ITSI?  Also, What order would you upgrade Splunk Components (UFs, HFs, deployment, deployers, indexers, cm, lm, mc, etc..?

Labels (2)
Tags (1)
0 Karma

Path Finder

Thank you guys!!

0 Karma


Hi @revanthammineni,

It depends on your topology. You can find information on below documentation;



If this reply helps you an upvote is appreciated.


As @scelikok said, upgrading those ES, ITSI depends on how you have implemented those. It's best to read installation instructions for those and if needed ask help from splunk support. General instructions is, first core then apps. And you must check version dependencies before start!

Here is update order of Splunk core components: https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

UF and HF part should update after core has updated as those versions cannot be higher than CORE has.

r. Ismo

Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...