I am currently planning on upgrading our Splunk Enterprise to version 6.5.2. I know I need to upgrade the Search Heads prior to the Indexers but I'm not sure what order everything else belongs in and am looking for a recommendation.
We have 18 indexers, running version 6.4.1.
We have 8 search heads in a cluster, running version 6.4.1.
We have a deployer (Cluster Master), running version 6.4.1.
We have a deployment server, running version 6.3.1.
We have 4 heavy forwarders that we use as syslog-ng and snmptrapd servers, running versions 6.3.1
We have several standalone search heads, not in the cluster, that do our alerting and run Splunk DB Connect and/or the Splunk App for CEF, running in either 6.3.1 or 6.4.1.
We have a mixed bag of Universal Forwarders running 5.x and 6.x versions.
↧