Getting Data In

Can we get a change log just for the Universal Forwarder?

DaClyde
Contributor

Since the Universal Forwarder is a separate package from the main Splunk install, could we please get a separate Release Notes page just for the forwarder so we can know definitively whether or not the forwarder has changed from one release to the next? If all that has changed is the version number, we would love not to waste time needlessly upgrading forwarders that don't need it.

If we're running 6.0.4 forwarders, is there any technical reason to upgrade to 6.1.3 forwarders? This really needs to be spelled out, in no uncertain terms, with each universal forwarder release.

the_wolverine
Champion

The change log does spell out what part of the product was fixed. For forwarders you'd look at the inputs and forwarder section (perhaps a few other sections): http://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/6.1.3

Generally Splunk will not recommend that you upgrade your forwarders unless necessary. Certainly they would not recommend that you upgrade merely because there is a new release unless there were some fix in that new release that you were specifically looking for or some urgent security fix included.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

It is a good and worthwhile suggestion. The doc team at Splunk is talking about ways to deliver this content efficiently--we will keep you posted!

0 Karma

DaClyde
Contributor

There is a 50MB difference in package size when downloading the Splunk installer vs the Universal Forwarder installer. If there is that much difference, they are not the same product. I'm just asking since they are distributed as two separate pieces of software, they should have separate release notes.

0 Karma

grijhwani
Motivator

The forwarder IS just a Splunk install with the bulkier elements hard disabled. What's true of one is true of t'other.

0 Karma

DaClyde
Contributor

I would hope for something more explicit that specifically calls out the universal forwarder itself, and not just the general forwarding capability of Splunk as a whole. Our Information Assurance people tend to err on the side of "when in doubt, upgrade". I would love to have something that actually states whether or not the upgrade is necessary, specifically for the universal forwarder.

Basically if we are not experiencing any functional issues with our universal forwarders, the only reason we would ever need to upgrade would be for security issues.

0 Karma

cantrell
New Member

This needs to be revisited. We have the same issue as the original poster as we have a deployed Splunk in a compliance-driven environment. If it is distributed as a separate package, it deserves an explicit set of release notes.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...