Getting Data In

What is the recommended upgrade order for search heads, indexers, heavy forwarders, deployment server, etc.?

bport15
Path Finder

I am currently planning on upgrading our Splunk Enterprise to version 6.5.2. I know I need to upgrade the Search Heads prior to the Indexers but I'm not sure what order everything else belongs in and am looking for a recommendation.

We have 18 indexers, running version 6.4.1.
We have 8 search heads in a cluster, running version 6.4.1.
We have a deployer (Cluster Master), running version 6.4.1.
We have a deployment server, running version 6.3.1.
We have 4 heavy forwarders that we use as syslog-ng and snmptrapd servers, running versions 6.3.1
We have several standalone search heads, not in the cluster, that do our alerting and run Splunk DB Connect and/or the Splunk App for CEF, running in either 6.3.1 or 6.4.1.
We have a mixed bag of Universal Forwarders running 5.x and 6.x versions.

0 Karma

adonio
Ultra Champion

Hello bport15
first upgrade all management instances: Deployer, Cluster Master, Deployment Server, License Master, DMC,
after, upgrade the Search Heads,
lastly upgrade the indexers
more about it here:
http://docs.splunk.com/Documentation/Splunk/6.5.3/Indexer/Upgradeacluster
http://docs.splunk.com/Documentation/Splunk/6.5.3/Installation/UpgradeyourdistributedSplunkEnterpris...

leave forwarders to last.

hope it helps

sloshburch
Splunk Employee
Splunk Employee

@jmulcaster_splunk posted an order-of-operations diagram with links to relevant documentation to help with upgrade planning. Check it out and let us know if you find it helpful. What's the order of operations for upgrading Splunk Enterprise?

0 Karma

bport15
Path Finder

I've read that the deployment server needs to be shut off and upgraded and left off until the other upgrades are done. Is this true? I'm planning on bucketing the upgrades over the span of several days and don't want to leave the deployment server off for that duration.

0 Karma

adonio
Ultra Champion

were did you read that?
kindly follow the manual, i have seen huge environment upgrade all instances in matter of hours

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...