Is there a need to upgrade forwarder as well during Splunk version upgradation process?
It's not mandatory but recommended especially in case of security vulnerabilities.
However, you should make sure that the forwarders are compatible with indexers
Reference : https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar...
Additional documentation for update scenarios and instructions : https://docs.splunk.com/Documentation/Forwarder/8.0.5/Forwarder/Upgradethenixuniversalforwarder
@renjith_nair thanks for the information.
How can I check which forwarder version is installed on my linux machine?
Can you help me with the command?
you can use the splunk binary from the machine
./splunk --version
OR
use SPL to search for all machines
index=_internal source=*metrics.log group=tcpin_connections
| rename connectionType as connectType
| eval connectType=case(fwdType=="uf","univ fwder", fwdType=="lwf", "lightwt fwder",fwdType=="full", "heavy fwder", connectType=="cooked" or connectType=="cookedSSL","Splunk fwder", connectType=="raw" or connectType=="rawSSL","legacy fwder")
|stats first(version) as version,first(connectType) as connectType by hostname