Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk

revanthammineni
Path Finder
‎02-01-2021 11:25 AM

Hi Splunkers!

This is a scenario that I came across recently, Could anyone provide me an answer.

Scenario: You are upgrading Splunk Core, ES and ITSI in a hybrid environment. The on-prem portion is mostly focused towards ingestion (HFs, deployment, intermediaries) while the core Splunk application based on AWS. On-Prem and AWS use different technology stacks.

1) What is your approach to upgrading CORE, ES and ITSI with minimal interruption to customer experience?

2) What order would you upgrade Core, ES and ITSI?  Also, What order would you upgrade Splunk Components (UFs, HFs, deployment, deployers, indexers, cm, lm, mc, etc..?

Labels (2)
Tags (1)
0 Karma
Reply

revanthammineni
Path Finder
‎02-03-2021 09:23 AM

Thank you guys!!

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-01-2021 08:09 PM

Hi @revanthammineni,

It depends on your topology. You can find information on below documentation;

https://docs.splunk.com/Documentation/Splunk/8.1.1/Installation/UpgradeyourdistributedSplunkEnterpri...

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-01-2021 11:46 PM

As @scelikok said, upgrading those ES, ITSI depends on how you have implemented those. It's best to read installation instructions for those and if needed ask help from splunk support. General instructions is, first core then apps. And you must check version dependencies before start!

Here is update order of Splunk core components: https://community.splunk.com/t5/Installation/What-s-the-order-of-operations-for-upgrading-Splunk-Ent...

UF and HF part should update after core has updated as those versions cannot be higher than CORE has.

r. Ismo

Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...