Splunk upgrade deployment server
During Splunk upgrade (5.0.5 to 6.2.5) of our indexers, search head, deployment server we have noticed that all the deployment apps get refreshed in all the deployment clients and a lot of the...
View ArticleDisk usage spike on indexer since upgrading to 6.3
Has anyone experienced disk usage spikes on their indexer(s) since upgrading from 6.2 to 6.3? ![alt text][1] [1]: /storage/temp/115183-disk-usage-spike.jpg Our other Splunk servers have not seen...
View Articleupgrade a pooled search head cluster to 6.3.3
I have a working 6.2.2 pooled search head cluster that I need to upgrade to 6.3.3 so I can then migrate to a search head cluster. I have done this upgrade several other times with no issues but now it...
View ArticleHow to upgrade 15 Solaris hosts from Splunk 4.1.3 to 6.4.0 universal forwarders?
As unix support staff drafted to be an inexperienced Splunk support staffer, I hope I can appeal to someone who knows what they are doing. I've been tasked with updating about 15 Solaris hosts to the...
View ArticleAfter upgrading Splunk from 6.3.3 to 6.4.0, why does Splunk not start with...
After upgrading Splunk Enterprise from 6.3.3 to 6.4.0, I see this message: [root@splunk bin]# $SPLUNK_HOME/bin/splunk start --accept-license --answer-yes This appears to be an upgrade of Splunk....
View ArticleAfter 6.4 upgrade every server erroring with: ERROR AuditTrailManager...
Since upgrading the search heads and indexers to v 6.4 (forwarders are still v6.3) the indexers are now logging in splunkd.log the following: 04-07-2016 11:11:15.221 +1000 ERROR AuditTrailManager -...
View ArticleIs Hunk certified for MapR 4.0.2 with security and MapR 5.1?
We are running Hunk at the moment on MapR 4.0.2 with no security and planning to upgrade first to 4.0.2 with security and then MapR 5.1. Is Hunk certified for these two versions?
View ArticleUpgrading a Splunk 5.0.5 Heavy Forwarder to a 6.x Universal Forwarder, how do...
Migrating from a Splunk 5.0.5 Heavy Forwarder to 6.x Universal Forwarder, we want to take over current checkpoints to prevent a reindexing of all events. We tried the msiexec installation parameter...
View ArticleSplunk IT Service Intelligence: Why am I getting message 'IT Service...
Hi, We've updated IT Service Intelligence from 2.1.0 to 2.2.0 according to the documentation (I don't have enough karma points to post links, but using the latest ITSI documentation), and at step 7, a...
View ArticleTrying to upgrade the Splunk Add-on for McAfee, why am I getting "An error...
I'm trying to upgrade the Splunk Add-on for McAfee. I the get the following error An error occurred while installing the app: 400 I also tried Installing the add-on from file with the option *"Upgrade...
View ArticleIn what order do we upgrade our search head, indexer, deployment server, and...
Hi, We are upgrading all of our Splunk components from Splunk 6.2.2 to 6.4. Presently, we are NOT in a distributed environment. We have 4 (1 Search Head, 1 Indexer, 1 Deployment Server, 1 Heavy...
View ArticleTrying to upgrade Windows universal forwarders from Splunk 5.0.3 to 6.4, why...
I am trying to upgrade the collectors on a few Windows Servers because I had a security come back saying my version had some issues. The readme in program files says I have Splunk 5.0.3. I am trying to...
View ArticleAre these the correct steps to upgrade all instances in my distributed search...
Hi All, I have a distributed environment with a deployment server, search head, and multiple indexers. I have to perform a Splunk upgrade from 6.2 to 6.3. I believe the following steps will be good....
View ArticleHow to back up and restore indexed data when upgrading our indexer clustering...
We are running a distributed clustered Splunk environment on version 6.2 We are planning to upgrade to 6.3 due to definitive requirements. As part of the upgrade instructions, it is mentioned to take a...
View ArticleSplunk Search Head giving 500 internal server error after upgrading to Splunk...
Hi, I just upgraded my Splunk Deployment from 6.3 to 6.4. While I am still able to authenticate to the search head, I am getting 500 Internal Server Error which is preventing me from doing anything on...
View ArticleDoes the deployment server need to be the same version or higher than the...
Does the deployment server need to be the same version or higher than the forwarders? Example: my deployment server is 6.2 and I want to upgrade all my forwarders to 6.3. Do I need to upgrade my...
View ArticleWhat is most stable version of the Splunk 6.3 release?
Hi I'm on Splunk version 6.1.4 on Linux and planning for upgrade to 6.3. I want to know which version is most stable as I can see now various 6.3 to 6.4 releases from Splunk.
View ArticleTrying to upgrade from Splunk 6.3 to 6.4, why am I getting error "The program...
Hello I was trying to upgrade Splunk from 6.3 to 6.4, but the installation failed. In the system logs there's a log regarding Libxml2.dll. Application popup: splunk.exe - System Error : The program...
View ArticleMust all cluster nodes be offline when upgrading an indexer cluster from...
The [upgrade instructions][1] for indexer clusters specifies:> When you upgrade from a 6.x, such as 6.2, indexer cluster to a 6.3 cluster, you must take all cluster nodes offline. You cannot perform...
View ArticleNo HTTP Event Collector input as expected after upgrading Splunk to 6.4 from 6.1
We have upgraded our Splunk instance to 6.4 from 6.2 to use HTTP Event Collector feature. However we do not see HTTP Event Collector option in Data inputs list.
View Article