How to Avoid Splunk Upgrade Mistakes – Webinar Replay


Written by: Kinney Group | Last Updated: April 3, 2023 | Originally Published: May 9, 2019

The biggest challenge IT teams face when upgrading any software is the unknown. There’s no doubt we love the latest and greatest version of our favorite software or technology, but upgrading can have some challenges. At Kinney Group, our team knows this issue very well when it comes to helping our clients undergo a Splunk upgrade.

In our recent webinar, Splunk Engineers Jake Miller and Hans Maldonado discuss what you and your team should consider before upgrading your current Splunk environment. If you are looking to make your Splunk upgrade more seamless, you’ll definitely want to check out this webinar replay below…

5 Things to Consider to Make Your Splunk™ Upgrade More Seamless

The 5 topics we will touch on in 15 minutes:

  1. Why you should or should not upgrade Splunk today (know your whys!)
  2. Your Current Splunk Topology
  3. App & Add-on Version Disparities
  4. Upgrade & Known Issues
  5. Understanding README Files

This pre-recorded webinar was held on Thursday, May 9, 2019. Here is a bit more detail on what’s covered:

1. Know Your Why

If there is no clear reason to upgrade, should you? Hans and Jake review the three most common “whys,” such as desiring new features, having internal requirements, or possibly needing to address security issues. It may be that what you’re looking for is having a combination of whys.

Listen in while we review these common upgrade reasons and see what things you’ll want to consider within each area. Be cautious: in an attempt to move forward, you could be moving backward. For example, while we do love new features, your upgrade should not be feature-driven. It should be about what’s best for the business.

Make sure the upgrade process is more controlled and successful with the advice in this section of the webinar.

2. Your Current Splunk Topology

Splunk is able to interact with nearly any system for the purposes of ingesting or even transmitting data. When upgrading Splunk, you have to consider each and every thing that Splunk passes through.

Listen in to review some important examples of what you should be considering. We walk through one specific case: getting a request to upgrade your Splunk Universal Forwarder from its current version to the latest. It may not be as straightforward as you think. Make sure you get our experienced advice on what you might not think of on your own.

3. App & Add-on Version Disparities

We know that your Apps must be compatible with Splunk, and we know that your Add-ons must be compatible with Splunk. But what about making sure your Add-on is compatible with the App?

Important: Since the Add-on collects data and puts it into Splunk in a certain format, you must ensure your App is compatible with the data that was sent to Splunk by the Add-on.

We home in on the real-life example of the Windows Add-on, which we know has recently been a matter of confusion and frustration for Splunk customers. Hans and Jake tell you why that is, and they detail more about what needs to be done to rectify the issue, especially when upgrading. (Again, it’s not as straightforward as you might think.)

Minimize the pain you might incur during your upgrades by paying particular attention to this part of the webinar on Splunk App and Add-on version disparities.


4. Upgrade and Known Issues

Upgrading is not always a seamless process. There could be problems during an upgrade, and these could cause unforeseen damage to your Splunk environment. There is the potential that you could be the first to encounter a previously unknown bug, and this could take significant time and effort to diagnose and work around.

Here are some of the issues that could potentially occur during an upgrade that we take a closer look at in this webinar:

  • Permission Changes
  • Unstable Network
  • OS Dependency Overwritten
  • Deprecated Settings
  • Improper Resource Provision
  • Incomplete Installation Package
  • Unforeseen Incompatibility
  • Upgrade Package Error

We delve specifically into a few of the problems in the list above. It may not be worth exposing yourself to these additional problems simply to gain a cosmetic feature. Again, make sure you watch the webinar replay to hear what Hans and Jake have to say on some of these more common upgrade issues.

5. Understanding README Files

In our last section, we discuss README files from a Splunk-supported Add-on during an upgrade; as with many of the topics we address in this presentation, these are not always straightforward. We’ll tell you what to be on the lookout for and where to pay attention during a Splunk upgrade.

Questions Asked and Answered in the Webinar

Three attendee questions came in during the webinar. If you share any of the questions listed below, be sure to tune in to the latter part of the presentation.

  1. Question 1: If you were to provide one simple rule to always follow to best eliminate issues during Splunk upgrades, what would it be?
  2. Question 2: What is the difference between an “App” and an “Add-on”?
  3. Question 3: Is there a way to upgrade the Splunk version through the Splunk UI or Splunk Web?

In the end, the advice given in this webinar should give you a good understanding of what to consider when contemplating the need or desire to upgrade your existing Splunk environment.

Built for companies executing important, complex, sensitive work, Splunk is the No. 1 big data platform in the market today. When used to its potential, it can deliver powerful insights in the areas of security and IT operations. As a strategic platform, Splunk can power organizations’ use cases for Internet of Things (IoT), compliance, and business intelligence applications.

But Splunk can’t function without people. When organizations have neither enough Splunk expertise on staff nor the time needed for teams to develop that expertise, their investment of time, money, and energy in Splunk can fall flat. This is precisely why Kinney Group developed Expertise on Demand for Splunk.

Kinney Group’s Splunk Experts to the Rescue

Whether you’re short-staffed, on a tight budget, or banking on the internet to get over all your Splunk hurdles, Kinney Group’s Expertise on Demand (EoD) for Splunk service can help. Expertise on Demand for Splunk bridges the gap between SOW-driven professional services and break/fix customer support.

Don’t let your investment in Splunk fall flat because you don’t have enough expertise on staff. Let Kinney Group help you maximize your time, investment, and energy in Splunk. Find out how to get anytime, immediate access to our deep bench of Splunk experts with a subscription to Expertise on Demand for Splunk services.
