Splunk Enterprise Security: Do I need to upgrade my ES search head to 6.4.4?

brdr
Contributor

Hi,

Question... in the Splunk Enterprise Security (ES) 4.5.1 Installation and Upgrade Manual it reads:

*Splunk Enterprise Security 4.5.x and later requires Splunk platform version 6.4.4 or later, and a 64-bit OS install on all search heads and indexers. See Splunk Enterprise system requirements.*

All of our components (indexers, cluster master, search heads) are at 6.4.0. With the line above and just to confirm, we will need to upgrade the Enterprise Security search head to 6.4.4. Is this true?

Thx

0 Karma

aaraneta_splunk
Splunk Employee

@brdr - Did the answer provided by skalliger help provide a solution to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!

0 Karma

skalliger
Motivator

You could also use Enterprise Security 4.1.3, which works with Splunk 6.4.x. We did the same because we did not want to upgrade yet.

I am not a fan of upgrading only one search head and I'm not sure right now that you should only upgrade one member of your cluster (even if it's a standalone ES SH).
But the answer to your question is simply "yes".

0 Karma