Hi, I need to do a Splunk upgradation. My Splunk version is 6.3.1 and I need to upgrade to 6.5. What procedure do I need to follow?


I have 1 main index node, 1 search node and 3 index nodes. Mainly, we are fetching 5 different types of logs on the 3 index nodes. Please suggest what procedure I need to follow, starting from backup. Please clarify a few things:

  1. Is there any way to take an entire backup of Splunk (its configuration files, all reports we are using, all the database of Splunk)?
  2. What precautions do I need to take before upgrading? Please respond ASAP as I'm on a deadline.

index backup process -

Upgrade Splunk Enterprise
1. Open a shell prompt on the host that has the instance that you want to upgrade.
2. Change to the $SPLUNK_HOME/bin directory.
3. Run the $SPLUNK_HOME/bin/splunk stop command to stop the instance.
4. Confirm that no other processes can automatically start Splunk Enterprise.
5. To upgrade and migrate, install the Splunk Enterprise package directly over your existing deployment.
   - If you use a .tar file, expand it into the same directory with the same ownership as your existing Splunk Enterprise instance. This overwrites and replaces matching files but does not remove unique files.

         tar zxf splunk-6.x.x-.tgz -C /splunk/parent/directory

   - If you use a package manager, such as RPM, type:

         rpm -U splunk_package_name.rpm

   - If you use a .dmg file on Mac OS X, double-click it and follow the instructions. Specify the same installation directory as your existing installation.
6. Run the $SPLUNK_HOME/bin/splunk start command.
    Splunk Enterprise displays the following output.

    This appears to be an upgrade of Splunk.

    Splunk has detected an older version of Splunk installed on this machine. To
    finish upgrading to the new version, Splunk's installer will automatically
    update and alter your current configuration files. Deprecated configuration
    files will be renamed with a .deprecated extension.
    You can choose to preview the changes that will be made to your configuration
    files before proceeding with the migration and upgrade:
    If you want to migrate and upgrade without previewing the changes that will be
    made to your existing configuration files, choose 'y'.
    If you want to see what changes will be made before you proceed with the
    upgrade, choose 'n'.
    Perform migration and upgrade without previewing configuration changes? [y/n]

7. Choose whether or not you want to run the migration preview script to see proposed changes to your existing configuration files, or proceed with the migration and upgrade right away. If you choose to view the expected changes, the script provides a list.

8. After you review these changes and are ready to proceed with migration and upgrade, run $SPLUNK_HOME/bin/splunk start again.

Upgrade and accept the license agreement simultaneously
After you place the new files in the Splunk Enterprise installation directory, you can accept the license and perform the upgrade in one command.

To accept the license and view the expected changes (answer 'n') before continuing the upgrade, use the following command:

    $SPLUNK_HOME/bin/splunk start --accept-license --answer-no

To accept the license and begin the upgrade without viewing the changes (answer 'y'):

    $SPLUNK_HOME/bin/splunk start --accept-license --answer-yes
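
A safeguard to wrap around the *nix steps in the answer above, as an added example that is not part of the original answer or of Splunk's own tooling: it archives $SPLUNK_HOME/etc after the instance is stopped and before the package is installed over it, then lists the files the migration renamed to .deprecated or otherwise changed. Function names and paths are hypothetical; it assumes GNU tar and sha256sum, and it covers the configuration directory only, not index data.

```shell
#!/bin/sh
# Added example (hypothetical names): snapshot $SPLUNK_HOME/etc before an
# upgrade, then report what the migration touched. Assumes GNU coreutils/tar.

# snapshot_etc SPLUNK_HOME BACKUP_DIR
# Writes etc.tgz (restorable copy) and etc.sha256 (per-file checksums).
snapshot_etc() {
    home=$1; out=$2
    [ -d "$home/etc" ] || { echo "no etc/ under $home" >&2; return 1; }
    mkdir -p "$out" || return 1
    tar -czf "$out/etc.tgz" -C "$home" etc || return 1
    (cd "$home" && find etc -type f -exec sha256sum {} + | sort -k2) \
        > "$out/etc.sha256"
    # Confirm the archive can be read back before anything is overwritten.
    tar -tzf "$out/etc.tgz" >/dev/null
}

# deprecated_files SPLUNK_HOME
# Lists files the migration renamed with a .deprecated extension.
deprecated_files() {
    (cd "$1" && find etc -type f -name '*.deprecated' | sort)
}

# changed_files SPLUNK_HOME BACKUP_DIR
# Lists snapshot files whose content now differs or that no longer exist.
changed_files() {
    (cd "$1" && sha256sum -c --quiet - 2>/dev/null |
        sed -n 's/: FAILED.*$//p' | sort) < "$2/etc.sha256"
}

# Typical order around the upgrade steps (constructed paths):
#   splunk stop
#   snapshot_etc /opt/splunk /var/backups/splunk-pre-upgrade
#   ...install the new package, run splunk start, answer the prompt...
#   deprecated_files /opt/splunk
#   changed_files /opt/splunk /var/backups/splunk-pre-upgrade
```

Restoring is a matter of stopping the instance and extracting etc.tgz back into the parent of etc; keep the archive on a different volume from the installation.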


Hi, thanks, but I have a Windows machine.
Do I need to take a backup of reports, alerts and advisories, or will Splunk automatically pick up the previous version's reports, alerts and advisories? If yes, then how?
Windows machine
