Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Forwarder ? Full Fat Client ? Indexer ?

AaronMoorcroft
Communicator
‎03-28-2013 04:02 AM

Hi Guys

I have an instance of Splunk installed on a sevrer which I need to upgrade I was under the impression that it was a forwarder however it has the web interface with tools avaiable, im told that this is a full fat client.

what should I be downloading to upgrade this instance with ? and will it have any effect on what work its already doing ? after upgrading,

Edit>>>

Ok So I have a little more info on this, I managed to get hold of the previous employee who looked after this, this specific installation im told is a Full Fat Forwarder, Ver 4.3.2 I still need to upgrade to the latest ver of 5.x.x

I gather that full fat forwarders no longer exist ? and it would be a universal forwarder that would now be downloaded and installed over the top of this, is that correct ? again would everything still work as it currently is ?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎03-28-2013 04:29 AM

They sure do still exist. It's the same installation package as indexer/search head. There are just two products to choose from;
a) Universal Forwarder
b) Splunk

A full splunk installation can be an indexer (receives events), a search head (web gui for end users) or both. It can also act as a Heavy Forwarder. The difference is that you have configured it to NOT index events locally, and instead forward them to another splunk instance (namely the indexer). You can also opt to disable the web gui when running Splunk in the HF or indexer role.

As for upgrading you can just upgrade with a new version of Splunk (the full ), i.e. not Universal Forwarder.

You can install a UF instead of a full splunk, but it will not overwrite the existing installaion or inherit any of its configurations.

Hope this helps,

Kristian

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎03-28-2013 04:29 AM

They sure do still exist. It's the same installation package as indexer/search head. There are just two products to choose from;
a) Universal Forwarder
b) Splunk

A full splunk installation can be an indexer (receives events), a search head (web gui for end users) or both. It can also act as a Heavy Forwarder. The difference is that you have configured it to NOT index events locally, and instead forward them to another splunk instance (namely the indexer). You can also opt to disable the web gui when running Splunk in the HF or indexer role.

As for upgrading you can just upgrade with a new version of Splunk (the full ), i.e. not Universal Forwarder.

You can install a UF instead of a full splunk, but it will not overwrite the existing installaion or inherit any of its configurations.

Hope this helps,

Kristian

0 Karma
Reply
Solved! Jump to solution

kristian_kolb
Ultra Champion
‎03-29-2013 05:45 AM

you're welcome 🙂

0 Karma
Reply
Solved! Jump to solution

AaronMoorcroft
Communicator
‎03-28-2013 09:31 AM

Hey, Just completed the upgrade on our server without any issues at all, just wanted to say thanks again for your help, your a star

0 Karma
Reply
Solved! Jump to solution

kristian_kolb
Ultra Champion
‎03-28-2013 05:19 AM

Yes, but DO read the following first, just in case;

http://docs.splunk.com/Documentation/Splunk/latest/Installation/HowtoupgradeSplunk

0 Karma
Reply
Solved! Jump to solution

AaronMoorcroft
Communicator
‎03-28-2013 04:32 AM

Thank you thats a great help, so if I go ahead and install a full installation of Splunk over the top of what I already have, would I be right in presuming that it will just keep all the settings it currently has and that will be that ?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...