Deployment Architecture

Version Compatibility from Universal Forwarder to splunk cloud verison 9.1.2308.203

kate
Path Finder

Which version of Universal Forwarder for ubuntu (debian 64 bit) is compatible with to splunk cloud verison 9.1.2308.203?

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @kate,

as you can read at https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... you can define the compatibility between the UFs versions and Splunk Enterprise; then Splunk Cloud is aligned to the last version of Splunk Enterprise.

About Ubuntu, you can see at https://www.splunk.com/en_us/download/universal-forwarder.html : in few words, you have to understand wich kernel version has you Ubuntu, but in general, the last version of UF is compatible with kernel >3.x, in other words: all!

Ciao.

Giuseppe

 

kiran_panchavat
Contributor

@kate 

The Splunk Cloud Platform is compatible with the Universal Forwarder for data collection. Let’s determine the appropriate version of the Universal Forwarder for your use case:

Universal Forwarder Compatibility:

The Universal Forwarder is the best choice for collecting data from systems in your environment with minimal resource requirements.

For Splunk Cloud, you should use a Universal Forwarder that aligns with the Splunk Cloud version you are using.

Recommended Version:

Based on the compatibility matrix, the following Universal Forwarder versions are compatible with Splunk Cloud 9.1.2308.203:

9.0.x
9.1.x
9.2.x

Deployment Considerations:

Deploy the Universal Forwarder on your Ubuntu (Debian 64-bit) systems.
Configure it to send data to your Splunk Cloud instance.
Remember to verify the compatibility and monitor the data collection process. You can find more details in the Splunk documentation.

https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/UsingforwardingagentsCloud 
https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... 
https://docs.splunk.com/Documentation/Forwarder/9.2.0/Forwarder/Deploy 

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...