
Hi Guys !!

Today we are going to show you how to upgrade Splunk from version 8.0.6 to 8.2.1. Before upgrading to 8.2.x, please go through the Splunk documentation at the link below.

Upgrading Splunk

Here, we have a Single Site Indexer Cluster which contains 1 Master Node, 3 Indexers and 1 Search Head.

NOTE:

There may be existing apps and add-ons in your cluster which are not compatible with the version you are upgrading to. So, once Splunk is upgraded, you also need to upgrade those apps and add-ons to versions compatible with the upgraded Splunk version.

So, let’s see how to upgrade.

1. Upgrade The Master Node

Step 1:

First, check the current version of Splunk using,

./splunk --version under $SPLUNK_HOME/bin/ directory.

Step 2:

Now, we will stop Splunk using the below command.

./splunk stop under $SPLUNK_HOME/bin/ directory.

Now, check the status of Splunk using the below command.

./splunk status under $SPLUNK_HOME/bin/ directory.

Step 3:

Now, we will take a backup of the Splunk folder.

Use the below command to take the backup,

Splunk Backup:

tar -cvzf splunk_backup splunk/ (run it under the parent directory of $SPLUNK_HOME, for example /opt, where the splunk/ directory sits)

As you can see, the splunk_backup file is created. The other backup files are created the same way.

If your machine is running out of space, you can instead back up just the “master-apps” and “apps” directories under $SPLUNK_HOME/etc/.

[To know more about what other backups need to be taken, please check the document mentioned above. Also, once the backup is made, move it to a secure place so that you will not lose it.]

Master-Apps Backup:

tar -cvzf master-apps_backup master-apps/ (run it under $SPLUNK_HOME/etc/ directory)

Apps Backup:

tar -cvzf apps_backup apps/ (run it under $SPLUNK_HOME/etc/ directory)

Step 4:

Download the version of Splunk you want to upgrade to.


We are upgrading to 8.2.1, so we are using the command below (you can get the command from splunk.com).

We are using the rpm package for a Linux machine.

wget -O splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.2.1&product=splunk&filename=splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm&wget=true'

Step 5:

Once it is downloaded, install the rpm package with the command below. rpm -U upgrades the existing installation in place (it does not just untar the package). Before running it, compare the package checksum with the value published on the Splunk download page.

rpm -U <rpm file name>

Step 6:

Now, we need to use the below command,

./splunk start --accept-license --answer-yes under $SPLUNK_HOME/bin directory.

Step 7:

Now, check the current version using,

./splunk --version under $SPLUNK_HOME/bin/ directory.

Also, check whether Splunk is running using the below command,

./splunk status under $SPLUNK_HOME/bin/ directory.

2. Upgrade The Search Head

[As the steps are the same as for the Manager Node, we didn’t put screenshots for the search head.]

Step 1:

First, check the current version of Splunk using,

./splunk --version under $SPLUNK_HOME/bin/ directory.

Step 2:

Now, we will stop Splunk using the below command.

./splunk stop under $SPLUNK_HOME/bin/ directory.

Now, check the status of Splunk using the below command.

./splunk status under $SPLUNK_HOME/bin/ directory.

Step 3:

Now, we will take a backup of the Splunk folder (the backup process is the same as before). If your machine is running out of space, you can instead back up just the “apps” directory under $SPLUNK_HOME/etc/.

[To know more about what other backups need to be taken, please check the document mentioned above. Also, once the backup is made, move it to a secure place so that you will not lose it.]

Use the below command to take the backup,

Splunk Backup:

tar -cvzf splunk_backup splunk/ (run it under the parent directory of $SPLUNK_HOME, for example /opt, where the splunk/ directory sits)

Apps Backup:

tar -cvzf apps_backup apps/ (run it under $SPLUNK_HOME/etc/ directory)

Step 4:

Download the version of Splunk you want to upgrade to.


We are upgrading to 8.2.1, so we are using the command below (you can get the command from splunk.com). We are using the rpm package for a Linux machine.

wget -O splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.2.1&product=splunk&filename=splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm&wget=true'

Step 5:

Once it is downloaded, install the rpm package with the command below (rpm -U upgrades the existing installation in place). Compare the package checksum with the value published on the Splunk download page before running it.

rpm -U <rpm file name>

Step 6:

Now, we need to use the below command,

./splunk start --accept-license --answer-yes under $SPLUNK_HOME/bin directory.

Step 7:

Now, check the current version using,

./splunk --version under $SPLUNK_HOME/bin/ directory.

Also, check whether Splunk is running using the below command,

./splunk status under $SPLUNK_HOME/bin/ directory.

3. Upgrade The Indexers

Step 1:

While upgrading the indexers, we have to keep the Manager Node in maintenance mode. Enable it with the below command, run on the Manager Node,

./splunk enable maintenance-mode under $SPLUNK_HOME/bin/ directory.

Then, to check whether maintenance mode is on, use the below command,

./splunk show maintenance-mode under $SPLUNK_HOME/bin/ directory.

If it returns 1, maintenance mode is on.

Step 2:

[From here, the steps are the same as for the Manager Node, so we didn’t put the screenshots.]

First, check the current version of Splunk using,

./splunk --version under $SPLUNK_HOME/bin/ directory.

Step 3:

Now, we will stop Splunk using the below command.

./splunk stop under $SPLUNK_HOME/bin/ directory.

Now, check the status of Splunk using the below command.

./splunk status under $SPLUNK_HOME/bin/ directory.

Step 4:

In the case of the Indexers, take a backup of the “apps” and “slave-apps” directories under $SPLUNK_HOME/etc/.

[To know more about what other backups need to be taken, please check the document mentioned above. Also, once the backup is made, move it to a secure place so that you will not lose it.]


Use the below command to take the backup,

Slave-Apps Backup:

tar -cvzf slave-apps_backup slave-apps/ (run it under $SPLUNK_HOME/etc/ directory)

Apps Backup:

tar -cvzf apps_backup apps/ (run it under $SPLUNK_HOME/etc/ directory)

Step 5:

Download the version of Splunk you want to upgrade to.

We are upgrading to 8.2.1, so we are using the command below (you can get the command from splunk.com). We are using the rpm package for a Linux machine.

wget -O splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.2.1&product=splunk&filename=splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm&wget=true'

Step 6:

Once it is downloaded, install the rpm package with the command below (rpm -U upgrades the existing installation in place). Compare the package checksum with the value published on the Splunk download page before running it.

rpm -U <rpm file name>

Step 7:

Now, we need to use the below command,

./splunk start --accept-license --answer-yes under $SPLUNK_HOME/bin directory.

Step 8:

Now, check the current version using,

./splunk --version under $SPLUNK_HOME/bin/ directory.

NOTE: Steps 2 to 6 should be followed on all the indexers.

Step 9:

Once all the indexers are upgraded, we can disable maintenance mode on the Manager Node using the below command.

./splunk disable maintenance-mode under $SPLUNK_HOME/bin/ directory.

As you can see, our cluster is working fine.
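The per-node sequence repeated in the three sections above (check version, stop, back up, install with rpm -U, start, re-check), written as an added shell helper that is not the blog's own script. It assumes Linux with coreutils and tar, SPLUNK_HOME defaulting to /opt/splunk, and that the expected SHA-512 digest is copied from the Splunk download page; it refuses to run rpm -U when the digest does not match.

```shell
#!/bin/sh
# Added helper (not from the blog): upgrade checks for one Splunk node.
# Assumptions: Linux with coreutils/tar; SPLUNK_HOME defaults to /opt/splunk;
# the expected SHA-512 digest is taken from the Splunk download page.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Extract "8.2.1" from "./splunk --version" output such as
# "Splunk 8.2.1 (build ddff1c41e5cf)".
parse_splunk_version() {
  printf '%s\n' "$1" | sed -n 's/^Splunk \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 only if the package's SHA-512 matches the published digest,
# so an altered or truncated download is never handed to rpm -U.
verify_sha512() {
  actual=$(sha512sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# Archive one directory (apps, master-apps, slave-apps or the whole splunk
# tree) from its parent, so it works from any current directory.
# Prints the archive path on success.
backup_dir() {
  src="$1"; dest_dir="$2"
  name=$(basename "$src"); parent=$(dirname "$src")
  dest="$dest_dir/${name}_backup_$(date +%Y%m%d%H%M%S).tar.gz"
  tar -czf "$dest" -C "$parent" "$name" && printf '%s\n' "$dest"
}

# Full sequence for one node: stops on a failed backup, a bad digest,
# a failed install, or a post-upgrade version that is not the target.
upgrade_node() {
  rpm_file="$1"; expected_sha512="$2"; target="$3"; backup_to="$4"
  before=$(parse_splunk_version "$("$SPLUNK_HOME/bin/splunk" --version)")
  echo "current version: $before"
  "$SPLUNK_HOME/bin/splunk" stop
  backup_dir "$SPLUNK_HOME/etc/apps" "$backup_to" || return 1
  verify_sha512 "$rpm_file" "$expected_sha512" || { echo "checksum mismatch, aborting"; return 1; }
  rpm -U "$rpm_file" || return 1
  "$SPLUNK_HOME/bin/splunk" start --accept-license --answer-yes
  after=$(parse_splunk_version "$("$SPLUNK_HOME/bin/splunk" --version)")
  [ "$after" = "$target" ] || { echo "expected $target, got $after"; return 1; }
}
```

Call it as `upgrade_node ./splunk-8.2.1-ddff1c41e5cf-linux-2.6-x86_64.rpm <published sha512> 8.2.1 /backups` on each node after the manager node is in maintenance mode.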

Hope you have enjoyed this blog; we will come back with new topics on Splunk. Until then, goodbye and stay safe and strong.

Happy Splunking !!
