Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Lightweigth forwarder upgrade

cafissimo
Communicator
‎03-31-2011 01:18 PM

Hello, I am going to upgrade splunk light forwarder to splunk universal forwarder. In the splunk documentation I'have found some steps to follow. In particular I should (as written in "http://www.splunk.com/base/Documentation/latest/Deploy/Migrateanixforwarder") as mentioned at step 3: "3. In the universal forwarder's installation directory, $SPLUNK_HOME, create a file named old_splunk.seed; in other words: $SPLUNK_HOME/old_splunk.seed. This file must contain a single line, consisting of the path of the old forwarder's $SPLUNK_HOME directory. For example: /opt/splunk. " Does it mean that the universal forwarder has to be installed in a different directory than /opt/splunk if the light forwarder is installed in /opt/splunk? Thanks and kind regards, Luca Caldiero, Consoft Sistemi S.p.A.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎03-31-2011 03:33 PM

You cannot actually upgrade from the light forwarder to the universal forwarder, but you can migrate your light forwarder settings to the universal forwarder. This is an important distinction.

Unlike the light forwarder, the universal forwarder is an entirely separate download and executable from full Splunk. Do not install it over an existing installation of full Splunk (including light forwarder or heavy forwarder).

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Steve_G_
Splunk Employee
Splunk Employee
‎03-31-2011 03:33 PM

You cannot actually upgrade from the light forwarder to the universal forwarder, but you can migrate your light forwarder settings to the universal forwarder. This is an important distinction.

Unlike the light forwarder, the universal forwarder is an entirely separate download and executable from full Splunk. Do not install it over an existing installation of full Splunk (including light forwarder or heavy forwarder).

0 Karma
Reply
Solved! Jump to solution

Branden
Builder
‎03-31-2011 03:30 PM

Yes, you should install the Universal Forwarder in a different directory than the SplunkLightForwarder.

The instructions confused me at first too. I always installed the SplunkLightForwarder in /splunk, but then I noticed that the UniversalForwarder tarball extracts to /splunkforwarder, so that's where I installed it. (That's how it worked on AIX anyway.) Worked great.

Hope that helps!

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...