Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Are there any best practices for Upgrading Splunk server to RHEL 7.5?

teddyidc1101
Communicator
‎08-23-2018 05:18 AM

We are planning to upgrade the VM server to RHEL 7.5 with splunk distributed deployment installed in them.
Do we have any documentation or best practices regarding steps? thanks!

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎08-23-2018 06:33 AM

Doing this as a comment, not answer, because this is not really canonical.

Splunk is only very loosely coupled to the OS and upgrades of the OS are not particularly important to Splunk. If there's no clustering in your environment, then you can do whatever, IMO, with the caveat that you probably really want all the OSes to be of nearly the same version. (If for no other reason than management should be easier).

With indexer clusters (and perhaps search head clustering) you'll want those boxes - the CM and indexers, or whatever is involved with SHC, to be upgraded all at once or at least within a relatively short time. Of course, to upgrade an indexer cluster, maintenance mode and all that needs to be done just because the expected downtime will likely be long enough you don't want panic bucket fixings...
http://docs.splunk.com/Documentation/Splunk/7.1.2/Indexer/Upgradeacluster

Otherwise, it really shouldn't be a big deal.

Reply

deepashri_123
Motivator
‎08-23-2018 06:27 AM

Hey teddyidc1101,

Follow steps below:
Kindly test on dev environment first to check all config and indexed data is available after upgrade of VM.
Take backup of all instances.
You need to upgrade tiers in specific order and within each tier each node should be upgraded at same time:
Follow the order below for upgrades:
1. Master- stop splunk on the master, upgrade the VM and start splunk again.
Check all the cluster status in the Monitoring Console.Check if any errors in internal logs.
2. Search Head -
a.stop splunk on 1 search head, upgrade VM and start splunk again.
Now make that search head as captain and then repeat step a for all other search heads
3. Indexers-
Enable maintenance node on master.
Stop all the indexers.
Upgrade VM's
Start indexers and disable maintenance-mode.

Let me know if this helps!!

0 Karma
Reply

teddyidc1101
Communicator
‎08-24-2018 08:32 AM

Thanks for this...will make it as guide for implementation.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...