Find the Sweet Spot of Splunk Enterprise Upgrades

By Splunk

Splunk adds and updates features and functions to Splunk Enterprise regularly to keep pace with innovation and reduce risk. In fact, Splunk releases these updates on the Splunk Cloud platform continually.

For on-prem customers, Splunk releases two levels of software updates to Splunk Enterprise:

Major "x." and minor "x.x" releases include new and updated features and functions, updated platform elements, and cumulative bug fixes. Splunk issues major and minor releases on average twice per year.
Maintenance "x.x.x" releases include bug fixes and minor updates within a major release interval. Splunk issues maintenance releases several times per year.

On-prem customers benefit from the continual updates to the Cloud platform because features, functions, and updates are thoroughly road-tested and hardened when they are released in a major version update.

So if you have an on-prem Splunk Enterprise implementation, the best practice is to upgrade as often as you can, but at least once per year. Then establish a regular upgrade cadence so you can keep pace with all major and maintenance updates Splunk releases. If you are on a later Splunk Enterprise version, maintenance updates are straightforward and non-disruptive to perform.

If Splunk issues a maintenance release during your upgrade planning cycle, we strongly recommend that you make the latest release the target of your upgrade.

The key is to be proactive. Don't wait until you encounter a bug or reach the end of the version support window.

For tips about how to establish a regular upgrade cadence, take in the blog and Splunk Answers series, "The Insider's Guide to Splunk Enterprise Upgrades: Before, During, and After."

More Upgrade Tips

Find which versions of Splunk software are currently supported, and learn their end-of-support window in the Splunk Software Support Policy.
Good news if you have a clustered architecture: rolling upgrade features available since Splunk 7.1 have taken a lot of tedium out of regular upgrades. For details, see "Perform a rolling upgrade of a search head cluster" in the Splunk Enterprise Distributed Search manual, and “Perform a rolling upgrade of an indexer cluster” in the Managing Indexers and Clusters of Indexers manual.
If you never want to worry about upgrading your Splunk platform again, migrate to Splunk Cloud and let the Splunk experts take care of upgrades, infrastructure, and maintenance for you. To learn more, contact your Splunk sales representative, or visit Splunk Cloud on the Splunk website.
Watch the Splunk Answers post, "How often should I upgrade Splunk Enterprise?," for updates and feedback about establishing a regular upgrade cadence.

----------------------------------------------------
Thanks!
Jane Mulcaster

Smarter ITSI Episodes Powered by Community Detection Algorithms

In this blog we are going to describe how you can create a notable event policy in IT Service Intelligence (ITSI) that is able to group your events using labels generated by unsupervised machine learning in the Smart ITSI Insights App for Splunk – and don’t worry you don’t have to be a data scientist to read this blog!

Platform 5 Min Read

A New Way to Look Like Splunk

This blog kicks off a series where we talk about the entire Splunk UI Toolkit and how each part will benefit your app development process in the future.

Platform 2 Min Read

Splunking F1: Part One

A 'how to' guide on consuming and analysing F1 PS4 game data with Splunk.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.