Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Updating to splunk 4.3 with existing 4.2 universal forwarders

neilstuartcraig
New Member
‎01-12-2012 02:09 AM

Hi all

We have an existing splunk install (2 x indexers, 1 x search head - all linux) on v 4.2 and quite a number (for various reasons) of servers (Windows 2008 R2) sending to the indexers which are using the v 4.2 universal forwarder.

Do i need to update all my universal forwarders to v 4.3 when updating the indexers and search head?

Also, if i install a v 4.3 universal forwarder which i configure to send to a 4.2 indexer, will it work/break?

Any advice gratefully received 🙂

Many thanks
Neil

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Drainy
Champion
‎01-12-2012 02:50 AM

You don't need to upgrade straight away, there will be some benefits if you have a look at the updates page but otherwise if you have a look at the following link (referenced through the release notes for 4.3 and following through to details on upgrading UF's) it states that the UF's are backwards and forwards compatible with all current versions.

http://docs.splunk.com/Documentation/Splunk/4.3/Deploy/Deploymentoverview#Indexer_and_universal_forw...

View solution in original post

Reply
Solved! Jump to solution

tpaulsen
Contributor
‎07-19-2012 03:12 AM

Are there any Security issues on the Universal Forwarder 4.2 to consider?

0 Karma
Reply
Solved! Jump to solution

neilstuartcraig
New Member
‎01-12-2012 03:19 AM

Brilliant, thanks very much, i missed that point when reading the upgrade document yesterday.

0 Karma
Reply
Solved! Jump to solution

Drainy
Champion
‎01-12-2012 03:20 AM

Thats alright. You won't be the first or last person to ask the question - there are quite a lot of docs to go through when upgrading 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

Drainy
Champion
‎01-12-2012 02:50 AM

You don't need to upgrade straight away, there will be some benefits if you have a look at the updates page but otherwise if you have a look at the following link (referenced through the release notes for 4.3 and following through to details on upgrading UF's) it states that the UF's are backwards and forwards compatible with all current versions.

http://docs.splunk.com/Documentation/Splunk/4.3/Deploy/Deploymentoverview#Indexer_and_universal_forw...

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...