Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk

revanthammineni
Path Finder
‎02-01-2021 11:25 AM

Hi Splunkers!

This is a scenario that I came across recently, Could anyone provide me an answer.

Scenario: You are upgrading Splunk Core, ES and ITSI in a hybrid environment. The on-prem portion is mostly focused towards ingestion (HFs, deployment, intermediaries) while the core Splunk application based on AWS. On-Prem and AWS use different technology stacks.

1) What is your approach to upgrading CORE, ES and ITSI with minimal interruption to customer experience?

2) What order would you upgrade Core, ES and ITSI?  Also, What order would you upgrade Splunk Components (UFs, HFs, deployment, deployers, indexers, cm, lm, mc, etc..?

Labels (2)
Tags (1)
0 Karma
Reply

revanthammineni
Path Finder
‎02-03-2021 09:23 AM

Thank you guys!!

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-01-2021 08:09 PM

Hi @revanthammineni,

It depends on your topology. You can find information on below documentation;

https://docs.splunk.com/Documentation/Splunk/8.1.1/Installation/UpgradeyourdistributedSplunkEnterpri...

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-01-2021 11:46 PM

As @scelikok said, upgrading those ES, ITSI depends on how you have implemented those. It's best to read installation instructions for those and if needed ask help from splunk support. General instructions is, first core then apps. And you must check version dependencies before start!

Here is update order of Splunk core components: https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

UF and HF part should update after core has updated as those versions cannot be higher than CORE has.

r. Ismo

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...