Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Installation
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Splunk Administration
- :
- Installation
- :
- Splunk Enterprise Upgrade
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Enterprise Upgrade
santosh_hb
Explorer
02-19-2019
12:01 AM
Hi All,
With regards to Splunk Enterprise I have the below query:
- I have a existing Splunk infra that has Splunk Enterprise 6.5.3 running on all the servers. It has got all the apps TA-'s configured and they are running properly in PROD. environment
- Now, I have built a new infra (with new servers) and has got Splunk Enterprise 7.2.1 installed and configured on all the servers.
Our plan is to implement any new on-boarding of log feeds into new infra and going forward merge all the apps and TA-s that are currently running on the existing infra to the new Infra.
We have 2 approaches to take it forward:
- Migrate all the existing configurations related to app's and TA-s from the existing infra to new infra (Splunk 7.2.1)
- Else, upgrade the existing PROD. infra to Splunk 7.2.1 and then merge all the app's and TA-'s related to existing infra to the new infra that has already Splunk 7.2.1
So, kindly suggest which method I have to follow. If yes, then can you provide the reason for choosing the method (Justification)
regards,
Santosh
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vinod94
Contributor
02-22-2019
09:39 AM
Hi @santosh_hb ,
You can refer this link .
hope this helps you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lakshman239
Influencer
02-22-2019
08:58 AM
In my view, you can use either of the two approaches. Both will be fine. However, you would need to have a few considerations to decide.
- How many servers do you have in old and new infra? is there any clustering involved?
- what's your retention period for indexes? If its less than 6months, its better to use new infra as you can decommission the old infra [ adds costs till you decom them]. If you have a longer retention, upgrade will be better, as migrating buckets needs careful analysis and time consuming, should you run into bucket fixes/issues.
- As you have already built the new infra and have a plans to onboard new data and have a plan to migrate them to new infra, option 2(new infra) is better.
- what was the driving factor for building a new infra as opposed to upgrade? is that due to ageing hardware, timescales or need to on-board new data?
- Can your new infra provide a seamless interface or better one compared to old interface to users?
Related Topics
Get Updates on the Splunk Community!
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
