Splunk® IT Service Intelligence

Install and Upgrade Manual

Splunk IT Service Intelligence (ITSI) version 4.11.x reached its End of Life on December 6, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see Before you upgrade IT Service Intelligence.
This documentation does not apply to the most recent version of Splunk® IT Service Intelligence. For documentation on the most recent version, go to the latest release.

Before you upgrade IT Service Intelligence

Perform the steps in this topic before you upgrade IT Service Intelligence (ITSI) to the latest release. Splunk Cloud Platform customers must work with Splunk Support to coordinate upgrades to ITSI.

ITSI supports upgrades from up to three versions prior to the one you're upgrading to. If the version of ITSI that you are upgrading to is more than three versions higher than your current version, then you must perform a step migration to a lower version first.

View cloud and on-prem upgrade paths at ITSI upgrade paths.

Make sure no service templates are syncing

If any service templates are syncing when you upgrade ITSI, the upgrade fails. Check the sync status of service templates by clicking Configuration > Service Templates from the ITSI main menu.

Check admin role inheritance

Make sure the Splunk admin role inherits from the itoa_admin role. The default settings for admin role inheritance for ITSI are contained in authorize.conf. Problems can occur when these settings have been modified in a local version of the file.

Check KV store size limits

The limit of a single batch save to a KV store collection is 500 MB. Check the total amount of data that your services contain, and, if necessary, increase the KV store size limit in $SPLUNK_HOME/etc/apps/SA-ITOA/local/limits.conf. This setting controls the maximum size, in megabytes (MB), of the results that are returned for a single query to a collection.

Prerequisites

  • Only users with file system access, such as system administrators, can increase the KV store size limit.
  • Review the steps in How to edit a configuration file in the Splunk Enterprise Admin Manual.

Never change or copy the configuration files in the default directory. The files in the default directory must remain intact and in their original location.

Steps

  1. Open or create a local limits.conf file in $SPLUNK_HOME/etc/apps/SA-ITOA/local/.
  2. Increase the max_size_per_result_mb value in the [kvstore] stanza:
    [kvstore]
    max_size_per_result_mb = [new value]
    

Review known issues and changes

Review the following topics before you upgrade ITSI:

  1. Compatible versions of the Splunk platform. See Splunk Enterprise system requirements.
  2. Hardware requirements. See Planning your hardware requirements.
  3. Known issues with the latest release of IT Service Intelligence. See Known issues in Splunk IT Service Intelligence in the Release Notes.
  4. Removed features in the latest release of IT Service Intelligence. See Removed features in the Release Notes.

Validate index names

Check that index names have not changed before you upgrade ITSI. See New features in Splunk IT Service Intelligence for any changed index names or review the indexes.conf file.

Recommendations for upgrading IT Service Intelligence

Upgrade both the Splunk platform and IT Service Intelligence in the same maintenance window. See the Splunk Enterprise system requirements to verify which versions of Splunk ITSI and Splunk Enterprise are supported with each other.

If you're upgrading to the Python 3 release of Splunk Enterprise (version 8.x), you must upgrade ITSI and all other apps before upgrading Splunk Enterprise. For more information, see Python 3 migration with ITSI.

  1. Upgrade Splunk Enterprise to a compatible version.
  2. Upgrade Splunk platform instances.
  3. Upgrade Splunk IT Service Intelligence.
  4. Review, upgrade, and deploy add-ons.
  5. See Version-specific upgrade notes for post-installation tasks.

Upgrading ITSI deployed on a search head cluster is a multi-step process. The procedure is detailed in Upgrade IT Service Intelligence in a search head cluster environment in this manual.

Last modified on 11 September, 2023
Uninstall Splunk IT Service Intelligence   Steps to address the Apache Log4j vulnerabilities in ITSI or IT Essentials Work

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.17.0, 4.17.1, 4.18.0, 4.18.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters