Re: Upgrading to 4.0

aoates · ‎05-04-2010

Our production instance is on a Linux machine with dual quad core (8 available cores) @ 2.5 GHz and 8GB of physical memory. The total size of the installation is right on the 1TB mark.

1) Based on the size of the DB / Log data how long can we anticipate 3.4.13 to 4.0.10 upgrade to take.

2) What growth for index data can we expect during this? If necessary we can lower our retention configuration so that we don’t run out of space.

gkanapathy · ‎05-04-2010

I'm wondering why you'd be going to 4.0.10, instead of 4.1.2.

Mick · ‎05-04-2010

During migration, there are no changes applied to the DB files, so that is not a factor in determining how long a migration will take.

The actual migration itself is very quick, and it should take any longer than installing a new instance or a maintenance release upgrade. What will take time is understanding how the migration will change how you use Splunk, testing it beforehand so you're familiar with the process and re-building any custom dashboards that you have created in the 3.x world.

There will be no increase in the amount of data indexed to your default index unless you specifically add more data sources. Splunk may log and index more internal data than it did before, but the size of the internal indexes is controlled by the default settings and they shouldn't grow any larger than usual.

wwhitener · ‎01-31-2012

This technically depends. On my upgrade, when I set the SPLUNK_DB variable, it changed the data directory to handle 4.2.2 and after that--even if NO data had been indexed in 4.2.2--3.4.5 threw cookies at the data and it was unrecoverable.

Our upgrade took about 4 hours too.

Upgrading to 4.0

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases