Deployment Architecture

Connect a Search Head running on Splunk 7.1.6 to 2 different clusters running on 7.1.6 & 7.2.1

santosh_hb
Explorer

Hi Team,

I have to test the following scenario. Can you help me whether this works:

  • A Test Search Head that has Splunk 7.1.6
  • 2 Clustered Environments one in which all the cluster members are running on Splunk 7.1.6 and one more where all the cluster members are running on 7.2.1 .

Now, whether can I connect my Test Search Head to both clusters and is it possible to fetch the data from both the clusters into Test
Search Head.

Please note of the Cluster Master has 7.1.6 Splunk and one more has 7.2.1.

Appreciate your reply.

regards,
Santosh

0 Karma

jnudell_2
Builder

HI @santosh_hb ,
This is not supported. The search heads have to be at or above the version of the indexers. Therefore your search head would have to be running version 7.2.1 in your scenario.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...