Windows 2003 servers monitor using Splunk 8.0


I know both Microsoft and Splunk are not supporting the OS and UF (6.x) for Windows 2003. And it is not compatible to send 6.x UF data to 8.x Indexers.

But still, is there any way to monitor Windows 2003 servers using 8.x Indexers?

Any workarounds?


Upgrade your 20-year-old server software to something more recent. By not doing so, you are trying to trap everything in your environment to S2003 compatibility levels, which is very much not smart. "Make sure we keep AD at 1997 levels, Splunk at version 7.2 with known flaws, VMware at nothing newer than 2009 versions, etc..."

Or wall it off so tight, incoming and outgoing, and lock it down so hard regular users aren't even allowed to know it's there, and make sure it's air-gapped (twice!) and that the only way to use the machine is to walk into the server room, do a dance, and manually insert the floppy disk with your data into the floppy disk drive (ha, which you can't even find any more) and tell it to read it. As long as you never use that floppy anywhere else, I think that's fine.

Server 2003 was tossed on the trash heap half a decade ago when even its mother decided it was too ugly. It's older than my daughters. It's older than either of my current cars, my previous cars, and I think older than $car-5 but I'd have to look. It's older than my house which is almost finished being built so that's probably not fair 🙂 But it's older than my previous house which was built in 2009. Heck, it's as old as the house I built before that, which was 2003! There's a not unlikely chance that Server 2003 was out before you graduated high school. Seriously.

If the application it was running is business critical, then the business will find a way to migrate it, replace it, or otherwise make this a non-issue. Businesses tend to be mildly risk averse, and this is as risky as standing on floating chunks of rock, in a lava bed, while holding a can of gasoline, and while drenched with rubbing alcohol.

Surely the Business would figure out They Are At High Risk if someone explained it to them. Their entire infrastructure is at risk, in fact.

If the application is not actually business critical, then turn it off and decommission the servers.

Then upgrade to Splunk 8, and be happy and content.