Migration considerations
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Migration considerations
This topic discusses various issues and considerations you should review before upgrading to Splunk 3.2.
You should also review the Known Issues for additional information before you upgrade.
Scripts in /splunk/bin are not saved
If you have configured an alert to call a script, that script resides in $SPLUNK_HOME/bin/scripts. Make a backup of these scripts and reinstate them after the upgrade.
Saved searches
Be aware of the following regarding saved searches:
- If the search contains fixed scheduling, and actually takes longer to run than the interval allows, the search will not work.
- If your search contains
foo=barand you have an indexed field configured from previous versions asfoo::bar, your search will fail ifbarisn't anywhere in the raw data of an event. Make saved searches that fail for this reason work by either:- adding or changing
INDEXED = TrueorINDEXED_VALUE = Falsein the stanza forfooin fields.conf. - changing your search in the search bar by replacing
foo=barwithfoo::bar.
- adding or changing
- Metadata commands like
| adminor| metaeventsare not supported, and will generate a warning.
Changes to indexes.conf
If you have made changes to the default values in indexes.conf, the configuration will not migrate. Make a backup of your changes and re-add them post-upgrade.
Must upgrade all instances of Splunk in a distributed environment
As mentioned in the Known Issues, you must upgrade all members of your distributed cluster to the same version.
Instances of Splunk deployment server must match clients
As mentioned in the Known Issues, if you are running Splunk's deployment server, you must upgrade the deployment server and all its clients to the same version. Splunk recommends that you upgrade your Splunk deployment server first, before you migrate your other Splunk instances.
If you are unable to migrate all clients at one time, you can set up two deployment servers, one for your new 3.2.x clients, and one for your 3.1.x clients. This way, you can move each client over to communicate with the 3.2.x deployment server as you are able to upgrade it.
This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.