There are generic documents regarding Splunk upgrade. I am looking for a more detailed one.
Are there any documents with proper steps/instructions to follow?
We have one search head, three indexers, one cluster master, and 100+ universal forwarders and 4-5 heavy forwarders.
Hi athorat... the latest version just out is 6.3 and it looks like the documentation is good (compared to anything else you would find online).
Check it out here
For your deployment, you can just upgrade your cluster/search head, indexers and cluster master, and do the forwarders in phases (if you need to) (assuming all your forwarders are above 4.3).
If you have your customizations in separate apps, typically the process is low risk. Check out the compatibilities ... for options
Search Head / Peer
Forwarders/indexers
Good luck with the upgrade.