Hi everybody,
I need to upgrade Splunk Enterprise from 7.3.X to 8.1.0 and then to 8.2.5 (Windows).
The architecture includes: - 1 cluster master - 1 search head - 2 indexers (cluster) - 1 d...
See more...
Hi everybody,
I need to upgrade Splunk Enterprise from 7.3.X to 8.1.0 and then to 8.2.5 (Windows).
The architecture includes: - 1 cluster master - 1 search head - 2 indexers (cluster) - 1 deployment servers - 1 heavy forwarder - n universal forwarders
Looking at the documentation, these are the steps to follow:
Download the MSI file to the host.
Double-click the MSI file. The installer runs and attempts to detect the existing version of Splunk Enterprise installed on the machine. When it locates the prior installation, it displays a panel that asks you to accept the licensing agreement.
Accept the license agreement. The installer then installs the updated Splunk Enterprise. This method of upgrade retains all parameters from the existing installation. The installer restarts Splunk Enterprise services when the upgrade is complete, and places a log of the changes made to configuration files during the upgrade in %TEMP%.
Shouldn't I stop the the splunk service before? Do I only need to double click on the installer and follow the wizard on each host? That's it? Is there something that I'm missing?
About Splunk apps and add-ons: I need to update some of them, should I do it before or after the Splunk upgrade? Example: Add-on for VMware ESXi Logs is now 3.4.2 and needs to be upgraded to 4.0.3 (which doesn't support Splunk 7.X).
I think I should upgrade Splunk first, then add-ons and apps, correct?
Thanks in advance for any help.