Skip to main content

 

Splunk Lantern

Upgrading Splunk Enterprise

 

Splunk adds and updates features and functions regularly to keep pace with innovation and reduce risk. If you have Splunk Cloud Platform, these updates are released continually and you can read about recent changes in the Frequently Asked Questions section of this article. But with Splunk Enterprise on-prem, many companies have a policy to wait a few releases before upgrading any software to make sure that new features are stable. Waiting that long means the company then only has a year before that version moves out of support.

The software support policy for Splunk Enterprise is two years. For on-prem customers, Splunk releases two levels of software updates to Splunk Enterprise:

  • Major "x." and Minor "x.x" releases include new and updated features and functions, updated platform elements, and cumulative bug fixes. Splunk issues major and minor releases on average twice per year. 
  • Maintenance "x.x.x" releases include bug fixes and minor updates within a major release interval. Splunk issues maintenance releases several times per year.

On-prem customers benefit from the continual updates to Splunk Cloud Platform because features, functions, and updates are thoroughly road-tested and hardened when they are released in a major version update.

Considerations for upgrading

Version compatibility: What works with what? 

During upgrade planning, one of the first things to check is the compatibility of your Splunk premium apps and forwarders with your Splunk Enterprise destination version. Bookmark and use the Splunk versions compatibility matrix - a single place where you can look up which versions work together.

The following table shows compatibility between different forwarder and deployment server versions.

Forwarder version Splunk Enterprise deployment server version
7.x 9.x
8.x 9.x
9.x 9.x

Pitfalls: What can cause problems during an upgrade? 

You will find a list of all major pitfalls and considerations listed in About Upgrading READ THIS FIRST in the Splunk Enterprise Installation Manual, including:

  • Changes that can potentially break Splunk Enterprise installations
  • Occurrences that appear as problems but are normal
  • Considerations for changed or removed features
  • Considerations for new features

If you need help to support your organization through an upgrade, you can contact experts in Professional Services that can help you at any point. You can learn more about Splunk's technical advisory options through our Customer Success webpages.

Order of operations: What is the upgrade process? 

Learn about the process with the comprehensive General process to upgrade Splunk Enterprise diagram on Splunk Answers that gives a high-level overview of how to plan and execute a Splunk Enterprise upgrade. The graphic includes where apps and add-ons fit in, when to upgrade forwarders, and links to documentation topics that explain what to do. This general process works for all Splunk Validated Architectures - just skip the components that aren't relevant to your deployment.

When you are ready to begin, follow the steps laid out in Splunk Documentation for upgrading to the latest Splunk Enterprise version: How to Upgrade Splunk Enterprise.

You can check in with your Customer Success Manager or your Splunk account team to have them validate your upgrade plan and help you fine-tune it. Need help with planning this upgrade? Engage OnDemand Services directly to execute an "Upgrade Readiness Assessment" task or "Ask an Enterprise Expert" general consultative task to clarify questions you may have. Most customers have access to ODS per their license support contract. If you cannot open a request or do not know if you have OnDemand access, contact the ODS team at OnDemand-Inquires@splunk.com for assistance.

Best practices: What should you keep in mind during upgrade planning?

  • Upgrade your on-premise Splunk Enterprise implementation as often as you can, but at least once per year. Then establish a regular upgrade cadence so you can keep pace with all major and maintenance updates Splunk releases. If you are on a later Splunk Enterprise version, maintenance updates are straightforward and non-disruptive to perform. 
  • If Splunk issues a maintenance release during your upgrade planning cycle, we strongly recommend that you make the latest release the target of your upgrade.
  • Be proactive. Don't wait until you encounter a bug or reach the end of the version support window. 
  • If you have a clustered architecture, rolling upgrade features available since Splunk 7.1 have taken a lot of tedium out of regular upgrades. For details, see Perform a rolling upgrade of a search head cluster
  • Use the Upgrade Readiness App to prepare your Splunk platform deployment for upgrades to the latest version of Python, jQuery libraries etc. The Upgrade Readiness app is installed by default on Splunk Enterprise version 8.2 and higher. If you are on a Splunk Enterprise version prior to 8.2 but after 7.3, you can download the app from Splunkbase to install it on your deployment.

FAQs

These frequently asked questions address the most commonly asked questions from Splunk's security advisories that can be addressed by upgrading to Splunk Enterprise 9.0. For our Splunk Cloud Platform customers, many of these fixes will be addressed by Splunk. See our Splunk Product Security page for the most up-to-date information and subscribe to get timely updates.

Next steps