- Before you upgrade a distributed environment, confirm that Splunk apps works on the new version of Splunk Enterprise. For that do the following steps: –
- On a reference machine, install the full version of Splunk Enterprise that you currently run.
- Install the apps on this instance.
- Access the apps to confirm that they work as you expect.
- Upgrade the instance.
- Access the apps again to confirm that they still work.
- If the apps work as you expect, move them to the appropriate location during the upgrade of your distributed environment.
Architecture Diagram : –
1. Take the backup ($SPLUNK_HOME) of all Splunk components that is Master node,
peer node (Indexer 01 and Indexer 02), search heads (1, 2) and deployment server.
2. Shutdown cluster master (stop splunk).
$ ./splunk stop
3. Upgrade the cluster master to latest release and Upgrade the Cluster master.
$ ./splunk start (Do not upgrade the peer nodes)
4. Enable the maintenance mode of cluster master.
$ ./ splunk enable maintenance-mode
5. Check is master is in maintenance mode.
$ ./ splunk show maintenance-mode
6. Upgrade the peer nodes (Indexers) one by one.
7. Stop the splunk of peer’s node, upgrade it and after completing start the splunk.
8. Upgrade the search head one by one same as peer nodes upgraded.
9. After upgrading Peer nodes and Search Head, disable the maintenance mode of cluster master.
$ ./splunk disable maintenance-mode
10.To confirm that the master is not in maintenance mode,
$ ./ splunk show maintenance-mode
If you are still facing issue regarding step by step upgradation of indexers in splunk clustered environment Feel free to Ask Doubts in the Comment Box Below and Don’t Forget to Follow us on 👍 Social Networks, happy Splunking >😉
