How often should I upgrade Splunk Enterprise?

jmulcaster_splu
Splunk Employee

The software support policy for Splunk Enterprise is now two years. My company has a policy to wait a few releases before upgrading any software to make sure that new features are stable. But then we only have a year before that version moves out of support. How do we get in the sweet spot of Splunk Enterprise updates?

1 Solution

jmulcaster_splu
Splunk Employee

Splunk adds and updates features and functions to Splunk Enterprise regularly to keep pace with innovation and reduce risk. In fact, Splunk releases these updates on the Splunk Cloud platform continually.

For on-prem customers, Splunk releases two levels of software updates to Splunk Enterprise:

  • Major "x." and Minor "x.x" releases include new and updated features and functions, updated platform elements, and cumulative bug fixes. Splunk issues major and minor releases on average twice per year. 
  • Maintenance "x.x.x" releases include bug fixes and minor updates within a major release interval. Splunk issues maintenance releases several times per year.

On-prem customers benefit from the continual updates to the Cloud platform because features, functions, and updates are thoroughly road-tested and hardened when they are released in a major version update. 

So if you have an on-prem Splunk Enterprise implementation, the best practice is to upgrade as often as you can, but at least once per year. Then establish a regular upgrade cadence so you can keep pace with all major and maintenance updates Splunk releases. If you are on a later Splunk Enterprise version, maintenance updates are straightforward and non-disruptive to perform. 

If Splunk issues a maintenance release during your upgrade planning cycle, we strongly recommend that you make the latest release the target of your upgrade.

The key is to be proactive. Don't wait until you encounter a bug or reach the end of the version support window. 

More upgrade tips

  • Good news if you have a clustered architecture: rolling upgrade features available since Splunk 7.1 have taken a lot of tedium out of regular upgrades. For details, see Perform a rolling upgrade of a search head cluster in the Splunk Enterprise Distributed Search manual. 
  • If you never want to worry about upgrading your Splunk platform again, migrate to Splunk Cloud and let the Splunk experts take care of upgrades, infrastructure, and maintenance for you. To learn more, contact your Splunk sales representative, or visit Splunk Cloud on the Splunk website. 

 
