Solved: Compatibility between forwarders and indexers

AaronMoorcroft · ‎04-20-2015

Hi Guys,

I could do with upgrading all our forwarders, mainly 5.0.2 on Windows to the latest forwarder build 6.2.2, the potential issue being that our indexer is 5.0.2. This will be upgraded also but not for a while, so my question is if I go ahead and upgrade the current forwarders from 5.0.2 up to 6.2.2 will they continue to work with a 5.0.2 Indexer ?

Thank you

MuS · ‎04-20-2015

Hi AaronMoorcroft,

check the docs http://docs.splunk.com/Documentation/Splunk/6.2.2/Forwarding/Compatibilitybetweenforwardersandindexe... where you can find the following statement:

 6.x forwarders (universal/light/heavy) are backwards compatible down to 5.0.x indexers.

Hope that helps ...

cheers, MuS

View solution in original post

jeffland · ‎04-20-2015

It shouldn't be a problem to use 6.x forwarders with 5.x indexers, based on this documentation.

MuS · ‎04-20-2015

Hi AaronMoorcroft,

check the docs http://docs.splunk.com/Documentation/Splunk/6.2.2/Forwarding/Compatibilitybetweenforwardersandindexe... where you can find the following statement:

 6.x forwarders (universal/light/heavy) are backwards compatible down to 5.0.x indexers.

Hope that helps ...

cheers, MuS

jeffland · ‎04-20-2015

Meh, you were seconds faster... 🙂

AaronMoorcroft · ‎04-20-2015

cheers pal 🙂

AaronMoorcroft · ‎04-20-2015

That's spot on, thank you very much for that, now I guess I have some work to do :$

Compatibility between forwarders and indexers

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases