Getting Data In

Installing universal forwarders with Splunk 4.2.1 build 98164


Hello, our indexers are currently running version 4.2.1 (98164). We are looking to deploy universal forwarders to our Windows servers. Can we install the latest universal forwarders? Or should we stick with version 4.2.1 (98164) when installing the fowarders? Not sure if there is a capatibility issue and wanted to check.

Tags (2)
0 Karma


You sometimes cannot run a version of the forwarder that is newer than the indexer. In your case, the documentation indicates that you could update to the newest version of the forwarder (4.2.5) and have it sending data to an indexer version 4.2.1. I would, however, test this on a limited scale first.

However, you can run a version of the indexer (eg, 4.2.5) that is newer than the forwarder (eg, 4.1). This allows folks to update/upgrade their indexers first and then update the forwarders in a phased approach. This is very common.

The official documentation for this is

Note that I am showing the full URL here, because the Splunk version is embedded in the URL. So check the Version selector in the upper right of the documentation page, to be sure that you are looking at the version of the docs that matches your Splunk! And always check the docs!

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!