Citrus Consulting Services

Splunk Version Upgrade Planning

As new functionalities and features are constantly being added to Splunk, implementing upgrades is not only prudent but essential for businesses. This guide will provide you information on preparatory and execution activities involved in Splunk Version Upgrade.

Pre-requisites:

1. Perform an inventory version check on Splunk components.
2. Identify apps/add-ons compatibility with target Splunk enterprise version.
3. Identify apps/add-ons that need an upgrade.

Prepare for upgrade:

1. Backup Splunk configuration
2. Benchmark system health

Perform upgrade: Perform the version upgrade in the following order.

1. Upgrade the Deployment Server
2. Upgrade the License Master + Monitoring Console
3. Upgrade Cluster Master
4. Upgrade Search Head
5. Upgrade Indexers

Upgrade Splunk add-ons and applications:

1. Upgrade add-ons and applications to a version compatible with the target Splunk enterprise version.

Verify the upgrade:

1. Check that the Splunk apps and add-ons work like they did before the upgrade.
2. For distributed deployment, use Monitoring Console to verify all Splunk Enterprise components.
3. Review resource utilization for all components and compare to the benchmarked system health prior to the upgrade.
4. Confirm all components are available.
5. Confirm that the license master machine works properly, and all indexers are connected to it.
6. Confirm that the cluster master operates normally and that cluster peers are connecting properly.
7. Confirm that the search tier operates normally, and that search and indexers communicate properly.
8. User the Monitoring Console to verify search head cluster state and individual cluster peer nodes.
9. Confirm that all indexer cluster nodes are communicating with the cluster master.

Finally, upgrade the Universal forwarder if the existing version is not compatible with the latest version of Splunk enterprise. Don’t forget to perform cleanup after the upgrade.