Solved: Can I install Splunk UF version 9.0.3 version in t...

anandhalagaras1 · ‎02-06-2023

We are running with Splunk Cloud version 9.0.2208.4 and all the other components such as HF and other client machines are running with a minimum of version 9.0 and above but we have few critical Windows client machine running with Windows 2008 R2 OS. And there are very important critical logs needs to be ingested into Splunk from those machines.

So can i install Splunk UF version 9.0.3 version in those Windows 2008 R2 machines will it be able to collect logs and is it supported?

Or do I need to install some lower version and get them ingested? What is the recommended solution to get the logs ingested into Splunk.

Kindly help on the same.

gcusello · ‎02-06-2023

Hi @anandhalagaras1,

it seems to be compatible: https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar...

Ciao.

Giuseppe

View solution in original post

gcusello · ‎02-06-2023

Hi @anandhalagaras1,

the last supported version od Splunk Universal Forwarder, certified on Windows 2008/R2, is 2.7.9.1 (https://www.splunk.com/en_us/download/previous-releases-universal-forwarder.html#)

I don't know the end supporting date of this release, but I suppose it will not be very long!

Ciao.

Giuseppe

anandhalagaras1 · ‎02-06-2023

@gcusello,

Thanks for your response.

So i believe its 7.2.9.1 version. But one query is that if we install 9.0.3 version will it work and whether it can able to collect the logs from windows 2008 R2 client?

gcusello · ‎02-06-2023

Hi @anandhalagaras1,

it seems to be compatible: https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar...

Ciao.

Giuseppe

anandhalagaras1 · ‎02-06-2023

@gcusello ,

Sorry to disturb so just curious to know whether i can go ahead and install 9.0.3 or 7.2.9.1 which one is recommended?

since for 7.0.x UF version Splunk indexer 9.0.x is supported.

gcusello · ‎02-06-2023

Hi @anandhalagaras1,

on 2008/R2 7.2.9.1 is supported and certified so use it, probably also the new 9.x will run but it isn't certified and if you have problems Splunk Support doesn't help you.

Ciao.

Giuseppe

anandhalagaras1 · ‎02-06-2023

@gcusello ,

Thank you..

anandhalagaras1 · ‎02-06-2023

@gcusello ,

Thank you for the confirmation.

So i will go ahead and install 9.0.3 latest version in my Windows 2008 R2 machine and will check whether the events are getting ingested as desired.

gcusello · ‎02-06-2023

Hi @anandhalagaras1,

if one answer solves your need, please accept one answer for the other people of Community or tell me how I can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

anandhalagaras1 · ‎02-06-2023

@gcusello ,

I have accepted the answer and provided the Karma points as well.

Thank you..

anandhalagaras1 · ‎02-06-2023

@gcusello Can you kindly help on my requirement please.v

anandhalagaras1 · ‎02-06-2023

Can anyone kindly help on my request please.

Can I install Splunk UF version 9.0.3 version in those Windows 2008 R2 machines will it be able to collect logs?

universal forwarder

Windows

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?