Getting Data In

Splunk v5 Forwarder

DaveSavage
Builder

Does anybody know, or could advise whether v5 can be used as a heavy forwarder to a 4.3 back end please? I did read the doco, promise...including p11 on known issues. The v5 installed ok on a Linux box including the usual suspects re accepting the T's & C's. The service is running ok. The Indexer is Windows based, all 64 bit.
Thanks guys.

0 Karma
1 Solution

DaveSavage
Builder

Forget that last guys, just Wiresharked it...it was my network. Level 2 Dave, Level 2...gah.

View solution in original post

Jon_Webster
Splunk Employee
Splunk Employee

Yes. Any Forwarder of 4.2+ can be used to send to a 4.2+ indexer, so a 5.x Heavy Forwarder can send to a 4.3 Indexer.

From the Splunk doc:

4.2+/5.0+ forwarders (universal/light/heavy) are backwards compatible down to 4.2+ indexers. For example, a 4.3 forwarder can send data to a 4.2 indexer but not to a 4.1 indexer.

Pre-4.2 forwarders are backwards compatible down to 4.0 indexers.

All indexers are backwards compatible with any forwarder and can receive data from any earlier version forwarder. For example, a 4.2 indexer can receive data from a 4.1 forwarder.

DaveSavage
Builder

Forget that last guys, just Wiresharked it...it was my network. Level 2 Dave, Level 2...gah.

Drainy
Champion

Someone downvoted your answer on your question, I upvoted it again to return the balance to 0 🙂 If someone genuinely answers a question or explains the cause then regardless of if someone did it by mistake, you can't downvote it as a bad answer... because its the answer! Anyway, rant over, nothing to see here...

0 Karma

DaveSavage
Builder

Damn ...did I down vote something Drainy?! Was it me? I shouldn't feel qualified to have an opinion on this. I've been using a Kindle Fire recently to access the SplunkBase if away from a desktop, and have to say it has yielded some 'unpredictable results'! I know...don't blame the technology 😉

0 Karma

Drainy
Champion

Why on earth would you downvote an answer someone posts which explains the solution to their problem? Glad you got it sorted

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...