Getting Data In

Updating to splunk 4.3 with existing 4.2 universal forwarders

neilstuartcraig
New Member

Hi all

We have an existing splunk install (2 x indexers, 1 x search head - all linux) on v 4.2 and quite a number (for various reasons) of servers (Windows 2008 R2) sending to the indexers which are using the v 4.2 universal forwarder.

Do i need to update all my universal forwarders to v 4.3 when updating the indexers and search head?

Also, if i install a v 4.3 universal forwarder which i configure to send to a 4.2 indexer, will it work/break?

Any advice gratefully received 🙂

Many thanks
Neil

0 Karma
1 Solution

Drainy
Champion

You don't need to upgrade straight away, there will be some benefits if you have a look at the updates page but otherwise if you have a look at the following link (referenced through the release notes for 4.3 and following through to details on upgrading UF's) it states that the UF's are backwards and forwards compatible with all current versions.

http://docs.splunk.com/Documentation/Splunk/4.3/Deploy/Deploymentoverview#Indexer_and_universal_forw...

View solution in original post

tpaulsen
Contributor

Are there any Security issues on the Universal Forwarder 4.2 to consider?

0 Karma

neilstuartcraig
New Member

Brilliant, thanks very much, i missed that point when reading the upgrade document yesterday.

0 Karma

Drainy
Champion

Thats alright. You won't be the first or last person to ask the question - there are quite a lot of docs to go through when upgrading 🙂

0 Karma

Drainy
Champion

You don't need to upgrade straight away, there will be some benefits if you have a look at the updates page but otherwise if you have a look at the following link (referenced through the release notes for 4.3 and following through to details on upgrading UF's) it states that the UF's are backwards and forwards compatible with all current versions.

http://docs.splunk.com/Documentation/Splunk/4.3/Deploy/Deploymentoverview#Indexer_and_universal_forw...

Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...