- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- Upgrade to 9.3.1
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Question with regards to
"Default value change for the 'max_documents_per_batch_save' setting causes restore from KV store backups made using versions earlier than Splunk Enterprise 9.3.0 to fail".
The "9.3 READ THIS FIRST" documentation says that I must restore KV backups made using Splunk Enterprise 9.2.2 and earlier versions before upgrading to Splunk Enterprise version 9.3.0.
I am new to Splunk administration and would appreciate steps (with detailed explanation) for hot to accomplish this task and get to the point of upgrading Splunk from 9.2.2 to 9.3.1. This is a single-instance (one server) environment, no distributed components, no clusters .
Not running ES, ITSI, or ITE Work
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unless I am mistaken, this warning is saying that if you try to restore KV backups from versions earlier than 9.3 then it will fail. That is, the restoration will fail, not the update to 9.3.*. Thus, if you do not need to make a restore from your <9.3 kvstore backups, then this is not a problem.
If there is data in your KV store backup that you need in the future, then you should restore them now, then update to 9.3, then you can make another backup. Or if you are confident that it does not contain unique data, then you could delete the old kvstore backup and then make a new backup after upgrading to 9.3.
These docs could help: https://docs.splunk.com/Documentation/Splunk/9.3.1/Admin/BackupKVstore
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unless I am mistaken, this warning is saying that if you try to restore KV backups from versions earlier than 9.3 then it will fail. That is, the restoration will fail, not the update to 9.3.*. Thus, if you do not need to make a restore from your <9.3 kvstore backups, then this is not a problem.
If there is data in your KV store backup that you need in the future, then you should restore them now, then update to 9.3, then you can make another backup. Or if you are confident that it does not contain unique data, then you could delete the old kvstore backup and then make a new backup after upgrading to 9.3.
These docs could help: https://docs.splunk.com/Documentation/Splunk/9.3.1/Admin/BackupKVstore
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ marnall,
You are right. I do not have any data in my KV store that would need to be restored in the future. Upgrade to 9.3.1 has been completed without any issues!
Thanks
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
