Documentation > Splunk > Installation Manual > Read this first before upgrading to 3.1.x

Installation Manual

 


Read This First
Step by Step Installation
Install Splunk Toolbar
Advanced Installation Topics
Upgrade Instructions
Help
Reference

Read this first before upgrading to 3.1.x

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Read this first before upgrading to 3.1.x

If you are upgrading from 3.0.x to 3.1, there are no special instructions.


If you are upgrading from 2.x to 3.1.x, you must perform some additional steps to manually re-implement some of your 2.2.3 and earlier configurations using 3.0 methods.


The following describes some major changes in 3.1.x that you should understand prior to beginning the upgrade.


Form search

Search strings can now contain variables that are rendered as form elements in SplunkWeb. When used with saved searches, you can search efficiently without knowing the details of the search language. Form search simplifies searching by asking you to input exactly the parameters you are looking for, instead of a complete and potentially complex search.


Search language simplification

As a result of ongoing simplification of the search language, you can now use equal signs where double colons were required. In prior releases, search field syntax required a double colon but extracted field syntax required an equal sign. For example, host::splunker was used for the host search field and myfield=value was used for the extracted field myfield. Now, you can use equal signs when performing searches in both search and extracted fields.


"key=value" | top

Archiving

With the introduction of enhanced archiving and the export command, you can now archive your Splunk data based on time and size, critical for large and long-term data storage issues common with compliance mandates. This data can be easily resurrected back into Splunk for historical searches, and you can now export data simply and easily to put Splunk-gathered data anywhere. See the 3.1 changelog for links to the new commands and features.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.1.1/Installation/ReadThisFirstBeforeUpgradingTo31x"

This documentation applies to the following versions of Splunk: 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!