We wish to upgrade from 6.5.3 to the latest (7.2.4 at this time).
We have:
From my reading of:
It looks like:
Is my reading correct?
You can upgrade from 6.5 -7.2.X no problems (I did this a few weeks ago!)
One change to your order however..
I would upgrade all Search Heads first - Before the Cluster Master.
The reason is that you want to complete your Index Cluster as quickly as possible, and leaving the master and peers at differing versions for longer than necessary should be avoided.
There is one exception - if your CM is also an SHC deployer - that forces your hand, so you must start with the CM (ask me how I know)
So my suggested order is:
SHC Deployer
SHC Members
Standalone SHs
IDX Cluster Master
IDX Cluster Peers
HFs
UFs
Deployment Server
Lic Server
etc.
The Ansible script we used when upgrading to 6.6.4 was -
$ cat 00_steps.txt
ansible-playbook 01_enable_maintenance_mode.yml
ansible-playbook 02_stop_master.yml
ansible-playbook 03_stop_indexers.yml
ansible-playbook 04_stop_search_heads.yml
ansible-playbook 05_stop_batch_heads.yml
ansible-playbook 06_stop_deploy_and_license.yml
ansible-playbook 07_get_splunk_status.yml
ansible-playbook 08_bu_splunk.yml
ansible-playbook 09_upgrade_splunk_enterprise_to_6.6.4.yml
ansible-playbook 10_start_master.yml
ansible-playbook 11_enable_maintenance_mode.yml
ansible-playbook 12_start_indexers.yml
ansible-playbook 13_start_search_heads.yml
ansible-playbook 14_start_batch_heads.yml
ansible-playbook 15_start_deploy_license.yml
ansible-playbook 16_get_splunk_status.yml
ansible-playbook 17_disable_maintenance_mode.yml
The document https://docs.splunk.com/Documentation/Splunk/7.2.4/Installation/AboutupgradingREADTHISFIRST contradicts advice in other documents and suggests that we can upgrade directly to 7.2 from 6.5. Please advise.
I can only see the following note :
If you use Enterprise Security version 5.0.x or lower, do not upgrade to Splunk Enterprise version 7.2. This version of Splunk Enterprise is not compatible with Splunk Enterprise Security versions 5.0.x and lower.
This is specifically if you have Splunk ES installed on top of core splunk. Do you have ES?