Solved: Splunk Hadoop Connector: will it work with version...

the_wolverine · ‎01-17-2013

I realize the Splunk Hadoop Connector requires forwarder version 5.x. Will it work properly if I attempt to forward to 4.x indexers?

the_wolverine · ‎01-22-2013

Based on this line of documentation, it looks like it is possible to use a 5.x forwarder to send to 4.2.x (and later) indexers.

These are the compatibility restrictions between versions of forwarders and indexers:

4.2+/5.0+ forwarders (universal/light/heavy) are backwards compatible down to 4.2+ indexers. For example, a 4.3 forwarder can send data to a 4.2 indexer but not to a 4.1 indexer.

View solution in original post

the_wolverine · ‎01-22-2013

Based on this line of documentation, it looks like it is possible to use a 5.x forwarder to send to 4.2.x (and later) indexers.

These are the compatibility restrictions between versions of forwarders and indexers:

4.2+/5.0+ forwarders (universal/light/heavy) are backwards compatible down to 4.2+ indexers. For example, a 4.3 forwarder can send data to a 4.2 indexer but not to a 4.1 indexer.

nfilippi_splunk · ‎01-18-2013

To import data from Hadoop HDFS into Splunk, you are correct, it does require Splunk 5.0 or later forwarder, which supports modular inputs.

For indexer/forwarder compatibility, I would refer to the following docs:
http://docs.splunk.com/Documentation/Splunk/5.0.1/Deploy/Enableareceiver#Compatibility_between_forwa...

Splunk Hadoop Connector: will it work with version 4.x indexers?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases