Splunk Enterprise

Instead of upgrading, recreate the instance via Ansible

karakutu
Path Finder

We set up the Splunk cluster on cloud via Ansible scripts. (The cluster is also configured via Ansible.)

I have two questions.

1) In case we want to upgrade Splunk to a new version: instead of upgrading the existing system, we would like to create a new cluster via Ansible scripts from scratch and deploy the old Splunk app into the new system. What kind of problems may we encounter in such an update scenario?

2) In case we do it, which configuration files need to be updated from the old setup?

Thanks

isoutamo
SplunkTrust

Hi

If you create a new cluster instead of updating the old one, you must also migrate the data from old to new unless you don't need it.

Our experience is that it's easier to use those Ansible scripts to also update cluster nodes than to recreate the whole cluster again.

Depending on the size of your cluster you can even do the actual update manually by downloading the correct version and then updating it. After you have updated all nodes, just update the version information in your Ansible configurations. Of course a better way is to add that update part to Ansible as well, especially if you have larger clusters and/or a lot of them.

If you still want to do it again from scratch, you must copy all apps which you have in the CM and its master-apps. I hope and propose that all your cluster configurations should be separate app(s) which you can easily apply to the new environment(s).

Of course you must add this new cluster to your SH layer nodes as well as your MC etc.

r. Ismo
