I am trying to figure out if I will run into any issues while upgrading our Splunk Enterprise environment from 6.6.3 to 7.2.3.
We have a distributed environment that has:
• License Master (covers all environments)
• Search Head (test)
• Indexer (test)
• 2 Heavy Forwarders (test)
• Search Head Cluster (4 nodes with an additional Deployer server – which is also the Cluster Master for the West Coast datacenter) (prod)
• Stand Alone Search Head (prod)
• 2 Heavy Forwarders (prod)
• Index Cluster (4 nodes with additional Cluster Master server) (prod) (West Coast datacenter)
• Index Cluster (4 nodes with additional Cluster Master server) (prod) (East Coast datacenter)
• Index Cluster (3 nodes with additional Cluster Master server)
  o The Cluster Master is also the Deployment Server for both prod and test environments
• Search Head running Enterprise Security
We currently have a few caveats in the environment that will affect our upgrade. We cannot upgrade Enterprise Security for now, which means that we cannot upgrade the Search Head it runs on, since our ES version is 4.7.4, which cannot run with Splunk 7.2.3.
My plan is to upgrade in the following order:
• License Master
• Test Search Head
• Test Indexer
• Test Heavy Forwarders (both)
• Prod Stand Alone Search Head
• All 3 Cluster Masters
  o 1 is also the Deployer for the Search Head cluster
  o 1 is also the Deployment Server
• Prod Search Head Cluster
This will leave the Prod Heavy Forwarders and all of the Prod Indexers on Splunk 6.6.3. We will also not upgrade any of our Universal Forwarders until we are able to move forward with updating the rest of the infrastructure servers.
Does this plan look to cover everything, or will we have problems with it?
Thanks.