Installation

Can you give me advice on the correct sequence to follow when upgrading Splunk Enterprise from 6.5.3 to 7.2.4?

davidmills
Explorer

We wish to upgrade from 6.5.3 to the latest (7.2.4 at this time).

We have:

  • Index Cluster Master
  • Search head cluster (3 nodes)
  • Index Cluster (3 nodes)
  • Heavy forwarder (1 node)
  • Configuration manager
  • API collector
  • Splunk CM (?)

From my reading of:

It looks like:

  • We will need to upgrade in 2 steps - say 6.5.3 to 7.0 and then 7.0 to 7.2.4
  • I can perform a tiered upgrade:
  1. Index Cluster Master
  2. Search head cluster (member by member)
  3. Index cluster (if I have correctly read this as the peer nodes)
  4. Heavy forwarder
  5. etc.

Is my reading correct?

Labels (4)
0 Karma

nickhills
Ultra Champion

You can upgrade from 6.5 -7.2.X no problems (I did this a few weeks ago!)

One change to your order however..
I would upgrade all Search Heads first - Before the Cluster Master.
The reason is that you want to complete your Index Cluster as quickly as possible, and leaving the master and peers at differing versions for longer than necessary should be avoided.

There is one exception - if your CM is also an SHC deployer - that forces your hand, so you must start with the CM (ask me how I know)

So my suggested order is:

SHC Deployer
SHC Members
Standalone SHs
IDX Cluster Master
IDX Cluster Peers
HFs
UFs
Deployment Server
Lic Server
etc.
If my comment helps, please give it a thumbs up!
0 Karma

ddrillic
Ultra Champion

The Ansible script we used when upgrading to 6.6.4 was -

$ cat  00_steps.txt
ansible-playbook 01_enable_maintenance_mode.yml
ansible-playbook 02_stop_master.yml
ansible-playbook 03_stop_indexers.yml
ansible-playbook 04_stop_search_heads.yml
ansible-playbook 05_stop_batch_heads.yml
ansible-playbook 06_stop_deploy_and_license.yml
ansible-playbook 07_get_splunk_status.yml
ansible-playbook 08_bu_splunk.yml
ansible-playbook 09_upgrade_splunk_enterprise_to_6.6.4.yml
ansible-playbook 10_start_master.yml
ansible-playbook 11_enable_maintenance_mode.yml
ansible-playbook 12_start_indexers.yml
ansible-playbook 13_start_search_heads.yml
ansible-playbook 14_start_batch_heads.yml
ansible-playbook 15_start_deploy_license.yml
ansible-playbook 16_get_splunk_status.yml
ansible-playbook 17_disable_maintenance_mode.yml
0 Karma

davidmills
Explorer

The document https://docs.splunk.com/Documentation/Splunk/7.2.4/Installation/AboutupgradingREADTHISFIRST contradicts advice in other documents and suggests that we can upgrade directly to 7.2 from 6.5. Please advise.

0 Karma

lakshman239
SplunkTrust
SplunkTrust

I can only see the following note :

If you use Enterprise Security version 5.0.x or lower, do not upgrade to Splunk Enterprise version 7.2. This version of Splunk Enterprise is not compatible with Splunk Enterprise Security versions 5.0.x and lower.

This is specifically if you have Splunk ES installed on top of core splunk. Do you have ES?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...