Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Does ES3.3 on Search-Head running 6.2.3 and indexers running on 6.2.2 work?

it7272
Engager
‎05-12-2015 12:34 PM

In a distributed Search environment, is it required to upgrade the Indexers to the latest version of Splunk or can we just upgrade the Search-head and deploy the TA, DA ,SA via the deployment server to 6.2.2 Indexers?

0 Karma
Reply

doksu
Contributor
‎05-14-2015 03:52 PM

I think the simple answer is to upgrade your indexers. Upgrading the indexers from 6.2.2 to 6.2.3 wouldn't take a long time nor is it risky. As you're probably aware, best practice is to upgrade indexers before search heads. If you have some dire business requirement not to upgrade the indexers then it would be best to open a support ticket to raise the issue with the folks that would know why 6.2.3 is specifically required for ES 3.3.

0 Karma
Reply

it7272
Engager
‎05-12-2015 04:53 PM

Yes, I do see reference in the documentation. But what would be the impact, if any, by keeling the indexers at 6.2.2 and only upgrading the Search head. Do any of the ES3.3 applications that go on the indexers verify version on restart?

The end goal is to have everything at the latest version.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-12-2015 01:15 PM

My reading of the system requirements is that ES 3.3 requires Splunk Enterprise 6.2.3 on all search heads and indexers.

Reply

ChrisG
Splunk Employee
Splunk Employee
‎05-14-2015 03:11 PM

Your best option is to move to 6.2.3. I suggest looking at the release notes to see what bugs on the indexer tier might affect your deployment. If you don't find anything listed for 6.2.2 that concerns you, you can probably keep your indexers at 6.2.2 until you can upgrade.

That's a big "probably," though...there are a lot of unknowns and here on Answers we don't have very much information to work with.

To answer your last question: no, none of the add-ons that ship with Enterprise Security do anything to check versions.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...