Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk v5 Forwarder

DaveSavage
Builder
‎10-31-2012 11:26 AM

Does anybody know, or could advise whether v5 can be used as a heavy forwarder to a 4.3 back end please? I did read the doco, promise...including p11 on known issues. The v5 installed ok on a Linux box including the usual suspects re accepting the T's & C's. The service is running ok. The Indexer is Windows based, all 64 bit.
Thanks guys.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DaveSavage
Builder
‎10-31-2012 11:58 AM

Forget that last guys, just Wiresharked it...it was my network. Level 2 Dave, Level 2...gah.

View solution in original post

Reply
Solved! Jump to solution

Jon_Webster
Splunk Employee
Splunk Employee
‎01-08-2013 10:06 PM

Yes. Any Forwarder of 4.2+ can be used to send to a 4.2+ indexer, so a 5.x Heavy Forwarder can send to a 4.3 Indexer.

From the Splunk doc:

4.2+/5.0+ forwarders (universal/light/heavy) are backwards compatible down to 4.2+ indexers. For example, a 4.3 forwarder can send data to a 4.2 indexer but not to a 4.1 indexer.

Pre-4.2 forwarders are backwards compatible down to 4.0 indexers.

All indexers are backwards compatible with any forwarder and can receive data from any earlier version forwarder. For example, a 4.2 indexer can receive data from a 4.1 forwarder.

Reply
Solved! Jump to solution
Solution

DaveSavage
Builder
‎10-31-2012 11:58 AM

Forget that last guys, just Wiresharked it...it was my network. Level 2 Dave, Level 2...gah.

Reply
Solved! Jump to solution

Drainy
Champion
‎01-09-2013 02:09 PM

Someone downvoted your answer on your question, I upvoted it again to return the balance to 0 🙂 If someone genuinely answers a question or explains the cause then regardless of if someone did it by mistake, you can't downvote it as a bad answer... because its the answer! Anyway, rant over, nothing to see here...

0 Karma
Reply
Solved! Jump to solution

DaveSavage
Builder
‎01-09-2013 10:50 AM

Damn ...did I down vote something Drainy?! Was it me? I shouldn't feel qualified to have an opinion on this. I've been using a Kindle Fire recently to access the SplunkBase if away from a desktop, and have to say it has yielded some 'unpredictable results'! I know...don't blame the technology 😉

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎01-09-2013 12:21 AM

Why on earth would you downvote an answer someone posts which explains the solution to their problem? Glad you got it sorted

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...