How to upgrade Splunk
This topic discusses how to upgrade Splunk Enterprise and its components from one version to another.
In many cases, you upgrade Splunk by installing the latest package over your existing installation. On Windows systems, the installer package detects the version that you have installed and offers to upgrade it for you.
Note: When upgrading Splunk Enterprise, do so with an administrative-level user account.
What's new and awesome in 6.0?
Read "Meet Splunk Enterprise 6" in the Release Notes for a full list of the new features we've delivered in 6.0.
Review the known issues in the Release Notes for a list of issues and workarounds in this release.
Always back up your existing deployment first
Get into the habit of backing up your existing Splunk Enterprise deployment before any upgrade or migration.
You can manage your risk by using technology that allows you to restore your Splunk Enterprise install and data to a state prior to the upgrade, whether you use external backups, disk or file system snapshots, or other means. When backing up your Splunk data, consider the $SPLUNK_HOME directory, as well as any indexes located outside of it.
For more information about backing up your Splunk Enterprise deployment, read the topics "Back up configuration information" in the Admin Manual and "Back up indexed data" in the Managing Indexers and Clusters Manual.
Choose the proper upgrade procedure based on your environment
The way that you upgrade Splunk Enterprise differs based on whether you have a single Splunk instance or multiple Splunk instances connected together. The differences are significant if you have configured a cluster of Splunk instances.
Upgrade distributed environments
If you plan to upgrade a distributed Splunk Enterprise environment, including environments that have one or more search head pools, read "Upgrade your distributed environment" in the Distributed Deployment Manual.
Upgrade clustered environments
If you plan to upgrade a clustered Splunk environment, read "Upgrade your clustered deployment" in the Managing Indexers and Clusters Manual. That topic has upgrade instructions that supersede the instructions in this manual.
Important: All nodes of a clustered Splunk Enterprise environment must run the same version of Splunk. If you plan to upgrade your clustered environment, you must upgrade all nodes (including search heads, master nodes, and peer nodes) in the cluster at the same time.
Then, read about important migration information before upgrading
Important: Before upgrading, be sure to read "About upgrading to 6.0: READ THIS FIRST" for specific migration tips and information that might affect you.
Upgrade from 5.0 and later
Splunk supports a direct upgrade from versions 5.0 and later to version 6.0.
If you're upgrading from 5.0 or later, read the rest of this topic first before proceeding with the installation instructions linked below.
Upgrade from 4.3
Splunk also supports a direct upgrade from version 4.3 and later to version 6.0.
Upgrading directly to 6.0 from versions older than 4.3 is not officially supported. If you are running a version of Splunk earlier than 4.3, then you should upgrade to 4.3 first before attempting an upgrade to 6.0. Read "About upgrading to 4.3 READ THIS FIRST" for specific details on how to upgrade to version 4.3.
Upgrade universal forwarders
Upgrading universal forwarders is a different process than upgrading full Splunk. Before upgrading your universal forwarders, be sure to read the appropriate upgrade topic for your operating system:
To learn about interoperability and compatibility between indexers and universal forwarders, read "Indexer and universal forwarder compatibility" in the Forwarding Data manual.
Install a license
About Upgrading to 6.0 - READ THIS FIRST
This documentation applies to the following versions of Splunk® Enterprise: 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15