I am currently using Splunk 5.0.4 and trying to upgrade to Splunk 6.x along with all forwarders. How can I upgrade all Splunk forwarders on Windows and Linux servers in one shot? We have roughly 1000 forwarders. Any suggestions? Can I upgrade forwarders first to version 6 and later upgrade Splunk Enterprise to 6? Is that OK?
Thanks in advance...
As for how to upgrade them... You'll need to write scripts that take into account the architecture of each os, among other variables.
http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/UpgradetheWindowsforwarder
http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/UpgradetheNixforwarder
http://docs.splunk.com/Documentation/Splunk/6.1/installation/HowtoupgradeSplunk
For windows, i've used winrm and powershell remoting. For linux I've used everything from bash scripts to python.
As for compatabillity between versions:
http://docs.splunk.com/Documentation/Splunk/6.2.0/Forwarding/Compatibilitybetweenforwardersandindexe...