Deployment Architecture

Is it safe to downgrade from 6.1 to 6.0.3?

Lucas_K
Motivator

I've found some show stopping deployment server bugs and would like to know if its safe to downgrade from 6.1 to 6.0.3 on both search heads and indexers in a distributed environment?

My concern is that there are some data model related changes that might break badly with a reversion.

0 Karma
1 Solution

dwaddle
SplunkTrust
SplunkTrust

It "should be mostly safe" - but ... you might be happier with a dedicated 6.0.3 (6.0.4?) instance running just deployment server. This separation can make your life easier in more ways than one.

View solution in original post

GeorgeStarkey
Path Finder

Why is a default install setting items under local/limits.conf instead of under default?

I have the local version of this file managed with a remote configuration manager (puppet), which should only put items that I have specifically set... I have some machines calling this file and loading it that are still running 6.0.3, and now some running 6.1.3... is it ok to run 6.1.3 without the file_tracking_db_threshold?

0 Karma

dwaddle
SplunkTrust
SplunkTrust

It "should be mostly safe" - but ... you might be happier with a dedicated 6.0.3 (6.0.4?) instance running just deployment server. This separation can make your life easier in more ways than one.

Lucas_K
Motivator

Have looked a ticket with support on this asking why it wasn't documented correctly.

0 Karma

Lucas_K
Motivator

Just reverted a test instance.

A couple of notes. Delete the introspection_generator_addon app. Also need to delete the file_tracking_db_threshold_mb setting from system/local/limits.conf.

Lucas_K
Motivator

In our environment we have dedicated instances for almost everything. Deployment server, edge deployment servers(deployable deployment servers), search heads, indexes, forwarders, license master, utility sos/reporting boxes. Some of them even have dual installs due to software bugs that can't be solved.

0 Karma

Lucas_K
Motivator

6.0.3 deployment server code is horribly broken also.

To be honest its been broken in every version of v6.x.
We are still using 5.0.4 for the deployment server because of this. Support said our bugs would be fixed in 6.0.4 (but it isn't). 6.1 introduces more deployment issues rather than less.

It is a reproducible bug that I can see the root cause of (tenants feature REMOVAL not depreciation!).

My issue is that in each main release there is no bug fix listing. In the maintenance release notes they also don't include other big fixes or feature removals (the actual cause of this issue).

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...