I realize the Splunk Hadoop Connector requires forwarder version 5.x. Will it work properly if I attempt to forward to 4.x indexers?
Based on this line of documentation, it looks like it is possible to use a 5.x forwarder to send to 4.2.x (and later) indexers.
These are the compatibility restrictions between versions of forwarders and indexers:
4.2+/5.0+ forwarders (universal/light/heavy) are backwards compatible down to 4.2+ indexers. For example, a 4.3 forwarder can send data to a 4.2 indexer but not to a 4.1 indexer.
To import data from Hadoop HDFS into Splunk, you are correct: it does require a Splunk 5.0 or later forwarder, which supports modular inputs.
For indexer/forwarder compatibility, I would refer to the following docs: