Hi , My infra team is doing the Vulnerability patching on linux servers as we have 6 indexers clustered , we are doing patching on 3 indexers and 3 search heads clustered. is their anything that i need to do except validating the servers after patching ? as they are doing on 3 indexers i am thinking to enable maintenance mode ?
Yes, use maintenance mode. And run splunk offline
on each indexer before it is patched.
Yes, use maintenance mode. And run splunk offline
on each indexer before it is patched.
is it any problem if i use ./splunk stop command and after patching i will start the service , If i use splunk offline command what it will do and once patching finished how can i start splunk is by using ./splunk start ?
splunk offline
is better. See https://docs.splunk.com/Documentation/Splunk/8.0.0/Indexer/Takeapeeroffline.
Awesome thanks