Solved: how can I upgrade splunk from 4 to 5 without data ...

perlish · ‎11-05-2012

hi all,I want to upgrade splunk from 4 to 5 without data lost,how can I make it ?
Thank you !

yannK · ‎11-05-2012

Upgrading go not cause a loss of data, the only consequence is when you have to restart Splunk you may miss events send as UDP/TCP.

To accept data all the time, use those techniques :

splunk forwarders (they can queue and pause monitoring, and use persistent queues)
rsyslog/syslog-ng to write to file your syslog data (and act as buffer)
multiple indexers in a load balanced cluster (so you can shut the down one at a time)

yannK · ‎11-05-2012

Upgrading go not cause a loss of data, the only consequence is when you have to restart Splunk you may miss events send as UDP/TCP.

To accept data all the time, use those techniques :

splunk forwarders (they can queue and pause monitoring, and use persistent queues)
rsyslog/syslog-ng to write to file your syslog data (and act as buffer)
multiple indexers in a load balanced cluster (so you can shut the down one at a time)

how can I upgrade splunk from 4 to 5 without data lost