Installation

Site-by-site upgrade of indexer cluster with SHC

mmarkleybac
Engager

I have a multisite (specifically, two site) indexer cluster running 7.3, and a search head cluster with search affinity disabled per the recommendation here. I obviously need to upgrade all of those tiers to 8.1 very soon, given the end-of-support dates for 7.3 and 8.0. Ideally I would like to perform that upgrade without an outage.

The best option for this appears to be a site-by-site upgrade, especially as I happen not to have any metrics indexes. Those instructions state that I must first upgrade my cluster manager node to 8.0, then upgrade the indexers in one site to 8.0, and then upgrade the search heads in that same site to 8.0 (then repeat for the other site, then repeat the whole thing to get to 8.1). How does this apply when the search heads are all set to site0?

In contrast, the instructions for upgrading each tier separately say to upgrade the manager, then the search heads, then the indexers.

In what order should I do this upgrade? Do the search heads also have to go from version 7.3 to 8.0 to 8.1 like the cluster manager and indexers do?

Labels (3)
0 Karma

codebuilder
Influencer

Have you engaged Splunk support? This is a fairly complex operation on it's own, but adding in a major version upgrade increases the complexity/risk. If this is a prod environment I would suggest having support help you create a process specific to your environment.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...