Splunk® Enterprise

Installation Manual

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

How to upgrade Splunk Enterprise

Support for this version of Splunk Enterprise has ended.
Splunk ended support for this version of Splunk Enterprise on October 22, 2019, in accordance to the Splunk software support policy. Splunk will offer a Limited Support period through January 31, 2020. After the Limited Support period ends, Splunk no longer provides support for customers that run this version.

Consider planning an upgrade to the most recent version to get the latest in performance enhancements, bug fixes, and features. See the following documentation for more information:

Upgrading a single Splunk Enterprise instance is straightforward. In many cases, you upgrade the software by installing the latest package over your existing installation. When you upgrade on Windows systems, the installer package detects the version that you have previously installed and offers to upgrade it for you.

Splunk Enterprise must be upgraded with a user account that has administrative privileges and that can write to the instance directory and all of its subdirectories.

What's new and awesome in 7.0?

See Welcome to Splunk Enterprise 7.0 in the Release Notes for a full list of the new features that are available in 7.0.

See Known issues in the Release Notes for a list of issues and workarounds in this release.

Back up your existing deployment

Always back up your existing Splunk Enterprise deployment before you perform any upgrade or migration.

You can manage upgrade risk by using technology that lets you restore your Splunk Enterprise installation and data to a state prior to the upgrade, whether that is external backups, disk or file system snapshots, or other means. When backing up your Splunk Enterprise data, consider the $SPLUNK_HOME directory and any indexes outside of it.

For more information about backing up your Splunk Enterprise deployment, see Back up configuration information in the Admin Manual and Back up indexed data in Managing Indexers and Clusters of Indexers.

Choose the proper upgrade procedure based on your environment

The way that you upgrade Splunk Enterprise differs based on whether you have a single Splunk Enterprise instance or multiple instances connected together. The differences are significant if you have configured a cluster of instances.

Upgrade distributed environments

If you want to upgrade a distributed Splunk Enterprise environment, including environments that have one or more search head pools, see How to upgrade a distributed Splunk Enterprise environment.

Upgrade clustered environments

There are special requirements for upgrading an indexer cluster or a search head cluster. The following topics have upgrade instructions that supersede the instructions in this manual:

Important upgrade information and changes

See About upgrading to 7.0: READ THIS FIRST for migration tips and information that might affect you when you upgrade.

Upgrade from 6.0 and later

Splunk supports a direct upgrade from versions 6.0 and later of Splunk Enterprise to version 7.0:

Upgrade from 5.0 and earlier

Splunk does not support directly upgrading from version 5.0 and earlier of Splunk Enterprise to version 7.0.

Upgrade from 5.0

If you run version 5.0, upgrade to version 6.0 first before attempting an upgrade to 7.0. You can also upgrade from version 5.0 to versions 6.1, or 6.2 before upgrading to 7.0.

Upgrade from 4.3

If you run version 4.3, upgrade to version 6.0 first before attempting an upgrade to 7.0.

Upgrade from versions earlier than 4.3

If you run a version earlier than 4.3:

  1. Upgrade to version 4.3.
  2. Then upgrade to version 6.0.
  3. Then upgrade to version 7.0.

See About upgrading to 4.3 READ THIS FIRST for details on how to upgrade to version 4.3.

Get and install the "no-enforcement" license

A new license type that does not block search after a license has been in violation is available.

This license is standard on all new installations of Splunk Enterprise. If you want to use this license type after an upgrade, you must get and install it on your Splunk Enterprise instance separately. Your instance must run Splunk Enterprise 6.5.0 or later. If you have a distributed deployment, the Splunk Enterprise instance that acts as your license master must run 6.5.0 or later. You do not need to upgrade the rest of your deployment to 6.5.0 for a no-enforcement license to work. You must have a contract in good standing with Splunk to take advantage of this new license type.

For additional information about the new license, see Types of Splunk software licenses in the Admin Manual.

Enable the new license behavior:

  1. Upgrade your Splunk Enterprise environment (single instance or license master, at minimum) to 6.5.0 or later.
  2. Contact your sales representative, who can confirm your details and, along with Splunk Support, issue you a no-enforcement license key.
  3. Apply the key to your Splunk Enterprise instance or, in the case of a distributed deployment, your license master instance.
  4. Restart Splunk Enterprise on the individual host or license master for the new license to take effect.

Upgrade universal forwarders

Upgrading universal forwarders is a different process than upgrading Splunk Enterprise. Before upgrading your universal forwarders, see the appropriate upgrade topic in the Universal Forwarder Manual for your operating system:

To learn about interoperability and compatibility between indexers and forwarders, see Compatibility between forwarders and indexers in Forwarding Data.

Replace lost package manifest files

Splunk installation packages have manifest files that Splunk software needs to run. The manifest files exist in the root of the Splunk installation and end in -manifest. If the files are not present (for example, if you have deleted them) then Splunk software cannot run as it cannot verify that it is a valid installation.

If you delete those files in the process of upgrading, or for any reason, you can restore them with the following procedure:

  1. Download an identical copy of the Splunk installer that you downloaded previously. This copy must be the same version and architecture, as manifest files are specific to each version.
  2. Extract the files to a directory that is not your existing Splunk installation.
  3. Copy the files from this directory to the root directory of your Splunk installation.
  4. Start Splunk Enterprise and confirm that it starts normally.
Last modified on 28 November, 2019
Install a license   About upgrading to 7.0 READ THIS FIRST

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters