Splunk® Enterprise

Installation Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

How to upgrade Splunk Enterprise

This topic discusses how to upgrade Splunk Enterprise and its components from one version to another.

In many cases, you upgrade SplunkEnterprise by installing the latest package over your existing installation. On Windows systems, the installer package detects the version that you have installed and offers to upgrade it for you.

Note: When upgrading Splunk Enterprise, do so with an administrative-level user account.

What's new and awesome in 6.2?

Read "Meet Splunk Enterprise 6.2" in the Release Notes for a full list of the new features we've delivered in 6.2.

Review the known issues in the Release Notes for a list of issues and workarounds in this release.

Back up your existing deployment

Always back up your existing Splunk Enterprise deployment before you perform any upgrade or migration.

You can manage your risk by using technology that lets you restore your Splunk Enterprise installation and data to a state prior to the upgrade, whether you use external backups, disk or file system snapshots, or other means. When backing up your Splunk Enterprise data, consider the $SPLUNK_HOME directory, as well as any indexes located outside of it.

For more information about backing up your Splunk Enterprise deployment, see "Back up configuration information" in the Admin Manual and "Back up indexed data" in the Managing Indexers and Clusters Manual.

Choose the proper upgrade procedure based on your environment

The way that you upgrade Splunk Enterprise differs based on whether you have a single Splunk instance or multiple Splunk instances connected together. The differences are significant if you have configured a cluster of Splunk instances.

Upgrade distributed environments

If you plan to upgrade a distributed Splunk Enterprise environment, including environments that have one or more search head pools, read "Upgrade your distributed environment" in the Distributed Deployment Manual.

Upgrade clustered environments

There are special requirements for upgrading an indexer cluster or a search head cluster.

To upgrade an indexer cluster, see "Upgrade an indexer cluster" in the Managing Indexers and Clusters manual.

To upgrade a search head cluster, see "Upgrade a search head cluster" in the Distributed Search manual.

Those topics have upgrade instructions that supersede the instructions in this manual.

Then, read about important migration information before upgrading

Important: Before upgrading, be sure to read "About upgrading to 6.2: READ THIS FIRST" for specific migration tips and information that might affect you.

Upgrade from 5.0 and later

Splunk Enterprise supports a direct upgrade from versions 5.0 and later to version 6.2.

Upgrade from 4.3 and earlier

Upgrading directly to version 6.2 from version 4.3 and earlier is not officially supported.

  • If you run version 4.3, upgrade to version 6.0 first before attempting an upgrade to 6.2.
  • If you run version 4.2, upgrade to version 5.0 first before attempting an upgrade to 6.2.
  • If you run a version earlier than 4.2, upgrade to version 4.3 first, then upgrade to version 6.0 before attempting an upgrade to 6.2. Read "About upgrading to 4.3 READ THIS FIRST" for specific details on how to upgrade to version 4.3.

Upgrade universal forwarders

Upgrading universal forwarders is a different process than upgrading Splunk Enterprise. Before upgrading your universal forwarders, be sure to read the appropriate upgrade topic for your operating system:

To learn about interoperability and compatibility between indexers and universal forwarders, read "Indexer and universal forwarder compatibility" in the Forwarding Data manual.

Replace lost package manifest files

Splunk installation packages have manifest files that Splunk software needs to run. The manifest files exist in the root of the Splunk installation and end in -manifest. If the files are not present (for example, if you have deleted them) then Splunk software can not run as it can not verify that it is a valid installation.

If you delete those files in the process of upgrading, or for any reason, you can restore them with the following procedure:

  1. Download an identical copy of the Splunk installer that you downloaded previously. This copy must be the same version and architecture, as manifest files are specific to each version.
  2. Extract the files to a directory that is not your existing Splunk installation.
  3. Copy the files from this directory to the root directory of your Splunk installation.
  4. Start Splunk Enterprise and confirm that it starts normally.
PREVIOUS
Install a license
  NEXT
About upgrading to 6.2 - READ THIS FIRST

This documentation applies to the following versions of Splunk® Enterprise: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters