Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

HTTP Event Collector: Can I set up a farm of Splunk 6.3 forwarders and send them to to 6.1 indexers?

a212830
Champion
‎10-05-2015 12:38 PM

Hi,

I have customers interested in using the HTTP event collector, but I'm still running 6.1 indexers and search heads. Can I set up a farm of 6.3 forwarders and send them to 6.1 indexers?

0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎11-03-2015 06:03 PM

Hi folks

We've just added new documentation on distributed deployment. You can find it here.

Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎10-06-2015 03:00 AM

Yes you can have 6.3 Event Collector instances which forward to 6.2. In the configuration of EC you can select an output group for it to forward to. The receiving indexers do not have to be 6.3.

As to the UF, it is not supported today, though it may work. Only HWF is supported from a forwarder perspective.

0 Karma
Reply

sloshburch
Ultra Champion
‎10-05-2015 01:50 PM

http://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
http://docs.splunk.com/Documentation/Splunk/latest/admin/Inputsconf

I'm not seeing anything that says that the functionality does not exist on [universal] forwarders but haven't tried. I'd say give it a try and see? You can run a curl command against it to see if it catches your http request.

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...