Installation

What is the best approach for upgrading Splunk Enterprise?

pfabrizi
Path Finder

What is the best approach for upgrading SPLUNK?
1 DP
1 SH
1 F
2 ID
running 6.5.1 on link rehl 6

download 6.63, copy to each device and then untar or is there an upgrade from the UI?

Do I need to worry about backing up custom stanzas?

Thanks!

Labels (3)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi pfabrizi,
at first I suggest to upgrade to the latest version of Splunk!

in addition if you haven't a cluster there isn't a real upgrade order: the only best practice is that Indexers version should be greater than Universal Forwarders one.

I usually upgrade before Search Heads, Indexers, then Deployment Server and at least Universal Forwarders.

Upgrade must be done only by CLI not by UI.

To backup the full installation is always a best practice suggested by Splunk before upgrading.

Bye.
Giuseppe.

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi pfabrizi,
at first I suggest to upgrade to the latest version of Splunk!

in addition if you haven't a cluster there isn't a real upgrade order: the only best practice is that Indexers version should be greater than Universal Forwarders one.

I usually upgrade before Search Heads, Indexers, then Deployment Server and at least Universal Forwarders.

Upgrade must be done only by CLI not by UI.

To backup the full installation is always a best practice suggested by Splunk before upgrading.

Bye.
Giuseppe.

jmulcaster_splu
Splunk Employee
Splunk Employee

FYI, we've posted an upgrade roadmap with links to the latest documentation to help with upgrade planning. Check it out and let us know if you find it helpful. What's the order of operations for upgrading Splunk Enterprise?

0 Karma

pfabrizi
Path Finder

Thank You.

0 Karma

pfabrizi
Path Finder

is backing up the full installation making a copy of $splunk_home/etc and all sub folders or does this include everything under $splunk_Home?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi pfabrizi,
making a copy of all $SPLUNK_HOME you can restore your installation in less time, instead backing up only $SPLUNK/HOME/etc to restore your installation you have to reinstall the old version and then override etc folder.
It depends by your feeeling of a good conclusion of your job: at least backup $SPLUNK/HOME/etc .

Bye.
Giuseppe

0 Karma

pfabrizi
Path Finder

Thank You!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...