Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Enterprise / Universal Forwarder version compatibility

fxyfrank_acn
Explorer
‎07-30-2019 12:07 AM

Hi There,

I am planning to upgrade my Splunk Enterprise (currently 6.5.5) and Universal Forwarders (currently 6.3.3) to 7.3.0.

Is Splunk Enterprise 7.3.0 compatible with Universal Forwarder 6.3.3 and and vice versa?

Asking this because there might be a short period of time when some of my Splunk components are still using older version while some of them have already upgraded to the latest.

Thank you!

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎07-31-2019 12:10 AM

6.3.X can send to 7.3.x without any problems, both UF and HF. Just be aware of the cipher changes that are documented, even though they don't apply as long as your indexers are 7.x+.

0 Karma
Reply

KailA
Contributor
‎07-30-2019 12:25 AM

Hi !

I think this doc will tell you what you want to know : https://docs.splunk.com/Documentation/Forwarder/7.3.0/Forwarder/Compatibilitybetweenforwardersandind...

From what I read, it should be good for you, you just can't send metrics 🙂

0 Karma
Reply

fxyfrank_acn
Explorer
‎07-30-2019 04:20 PM

Does this compatibility matrix also apply to Universal Forwarders and Heavy Forwarders? Since I'm currently using HF as the deployment server communicating with UFs. Thanks!

0 Karma
Reply

KailA
Contributor
‎07-31-2019 12:03 AM

I'm not 100% sure, but for me, your Heavy Forwarder should be consider more like an indexer than a forwarder, you should upgrade it in the same time that you upgrade your Splunk Enterprise to avoid any problems.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...