Are there detailed instructions for how to upgrade Splunk from 4.3 to 6.0 on CentOS 6.5?

terryjohn
Path Finder

I'm trying to upgrade a single Splunk instance from 4.3 to 6.0. I've read the docs and it says I have to do this before upgrading to the latest version. We have a number of forwarders reporting to this instance.

I've been looking through http://docs.splunk.com/Documentation/Splunk/6.0/Installation/HowtoupgradeSplunk#Upgrade_from_4.3

I've read the "read this first" about whether the apps will work and have documented which I need to be concerned about.

But I can't find anywhere that actually tells me how to do it. I've found detailed instructions on how to do the forwarders and the order that things need to be done, but I can't find any detailed instructions on how to upgrade the Splunk server itself.

There's just a vague reference saying "In many cases, you upgrade Splunk by installing the latest package over your existing installation".

Is there anything that gives more detailed instructions and what I have to look out for during the upgrade? Our system is running CentOS 6.5.

Thanks

0 Karma

emalenfant
Explorer

yannK is correct. Back up $SPLUNK_HOME/etc before everything, but also make sure all changes you've made are actually in the $app/local folder or they will get overwritten with the new configs.

After that, start upgrading your apps. This is the slightly more painful part as you may need to modify searches for updated sourcetypes.

I just pulled the trigger with my upgrade from 4.3 -> 6.1.1 about 4 weeks ago, and had only a few hiccups, but having that backup helped. Even just creating a VM, installing 4.3 on it, and extracting your backup on it is great for a visual of what you had before your upgrade, and you can modify as needed.

0 Karma

terryjohn
Path Finder

Thanks. I'll be practicing on a VM copy before doing the real server, so my backup will effectively be the live server. When I do it for real I'll run a snapshot before as a safety net.

0 Karma

yannK
Splunk Employee

You can upgrade the standalone indexer first, and the forwarders later. (Old forwarders are still compatible with new indexers.)

> But I can't find anywhere that actually tells me how to do it, Our system is running Centos 6.5

It depends on what your initial install method was.
- Always back up your $SPLUNK_HOME/etc/ just in case.
- The easiest is the tar.gz installer: you stop Splunk, untar over the /opt/splunk folder, make sure to have the correct user permissions, then restart Splunk.
- If you used the .rpm package, you have to upgrade using the rpm procedure (and if you used a non-conventional install folder, do not forget to specify it in the rpm prefix parameters).

See http://docs.splunk.com/Documentation/Splunk/6.1.1/Installation/Upgradeto6.1onUNIX
and the same methods for the first install (more detailed):
http://docs.splunk.com/Documentation/Splunk/6.1.1/Installation/InstallonLinux

terryjohn
Path Finder

That looks like what I need. I'll have to re-read the hot, warm, cold database stuff again but I've got somewhere to go now.

I'll be using yum to upgrade, but if there are problems with that I'll use rpm -U as the initial install was via a .rpm file.

Thanks

0 Karma
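
Added example, not from the thread participants or from Splunk: a pre-upgrade helper for the tar.gz route discussed above. It archives $SPLUNK_HOME/etc and lists the files under etc/ that the new package would replace with different content, which is where hand edits outside local/ get lost. The function names and the staging directory (the new tarball extracted somewhere other than the live install) are assumptions.

```shell
#!/bin/sh
# Added example: function names and the staging layout are assumptions.

# backup_etc SPLUNK_HOME DEST_DIR
# Archives SPLUNK_HOME/etc into DEST_DIR and prints the archive path.
backup_etc() {
    home=$1; dest=$2
    [ -d "$home/etc" ] || { echo "no etc under $home" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$dest/splunk-etc-$(date +%Y%m%d%H%M%S).tar.gz"
    tar -czf "$archive" -C "$home" etc || return 1
    # Confirm the archive is readable before relying on it.
    tar -tzf "$archive" >/dev/null || return 1
    echo "$archive"
}

# will_overwrite SPLUNK_HOME STAGING
# STAGING is the new package extracted away from the live install.
# Prints each path under etc/ present in both trees with different content,
# i.e. the files an untar over SPLUNK_HOME would replace.
will_overwrite() {
    home=$1; staging=$2
    [ -d "$staging/etc" ] || { echo "no etc under $staging" >&2; return 1; }
    (cd "$staging" && find etc -type f | sort) | while IFS= read -r rel; do
        if [ -f "$home/$rel" ] && ! cmp -s "$home/$rel" "$staging/$rel"; then
            echo "$rel"
        fi
    done
}
```

Files under an app's local/ folder are not listed because the new package does not ship them; any listed file that was edited by hand should be copied into local/ before the upgrade.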