From Splunk Wiki
Each Splunk deployment is a unique and special snowflake. When you migrated from Splunk 3.x to 4.x, did you run into something unexpected? What did you find out? How did you work around it? What would you tell your pre-4.x Splunk self if you could go back in time?
Share your tips and experiences here! To do this, make sure you're logged into splunk.com and then edit this topic (there's an edit link above). Then, you can either add a bullet point to the list, or create a link to a new topic. The Splunk Community Wiki is a MediaWiki (like Wikipedia). Use the Mediawiki online help if you need to know how to add and edit pages. When you contribute, please consider signing and dating your post or addition. You can do this easily by including four tildes (~) on a line by themselves.
What every Splunk admin should know about migrating to 4.x:
- Getting to 4.x from 3.0
- Handling custom configurations
- What happened to bundles?
- You don't need sneakymove
- What to know about deployment server
- Where to get your new license key
- Mixing and matching forwarder versions
- Making distributed search work
- Making the deployment server work
- Making syslog out work
- Parallel installs and merging indexes
- When to keep a parallel 3.x instance