Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is my Splunk 4.1 Indexer fully backwards compatable with older forwarders?

kbecker
Communicator
‎04-14-2010 03:31 PM

Is Splunk 4.1 (indexer & search) still compatible with 3.4.11 forwarders? Is so are there any features in 4.1 that would not function when using the 3.4.11 forwarders, such as Real-Time search or Live Dashboards?

  • Indexer - 4.09 (looking to upgrade to 4.1)
  • Search - 4.09 (looking to upgrade to 4.1)
  • Deployment - 3.4.11
  • Forwarder - 3.4.11 (lightweight)

Thanks

Tags (1)
Reply
2 Solutions
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-14-2010 06:00 PM

Yes, Splunk 3.4 will forward fine to 4.1 and this is a supported configuration.

All indexer functionality and search functionality will work identically and the indexer is indifferent to the version of the forwarder, although I am not certain if 3.4.11 Light Forwarders can do autoLB (to distribute data across multiple indexer nodes). There may be some issues regarding proper detection of multi-byte character sets with older forwarder versions that may require different configurations on indexer, forwarder, or both.

3.4 clients are not compatible or manageable with 4.x Deployment Server.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:27 PM

The short version is 3.4.x forwarders should work just as well with 4.1.x as they did with 4.0.x. If you are upgrading indexers or other central service nodes (deployment server, search head, etc) from 3.x, please read http://www.splunk.com/base/Documentation/4.0.10/Installation/Whattoexpectwhenupgradingto4.0 and http://docs.splunk.com/Documentation/Splunk/4.1/Installation/Aboutupgradingto4.1READTHISFIRST

If you are upgrading your central nodes from 4.0.x to 4.1.x, there should be no changes in interoperation between forwarders and those central nodes.

Real-time search is implemented wholly on the indexing (and search head and UI) side. The forwarder is not involved.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:27 PM

The short version is 3.4.x forwarders should work just as well with 4.1.x as they did with 4.0.x. If you are upgrading indexers or other central service nodes (deployment server, search head, etc) from 3.x, please read http://www.splunk.com/base/Documentation/4.0.10/Installation/Whattoexpectwhenupgradingto4.0 and http://docs.splunk.com/Documentation/Splunk/4.1/Installation/Aboutupgradingto4.1READTHISFIRST

If you are upgrading your central nodes from 4.0.x to 4.1.x, there should be no changes in interoperation between forwarders and those central nodes.

Real-time search is implemented wholly on the indexing (and search head and UI) side. The forwarder is not involved.

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-14-2010 06:00 PM

Yes, Splunk 3.4 will forward fine to 4.1 and this is a supported configuration.

All indexer functionality and search functionality will work identically and the indexer is indifferent to the version of the forwarder, although I am not certain if 3.4.11 Light Forwarders can do autoLB (to distribute data across multiple indexer nodes). There may be some issues regarding proper detection of multi-byte character sets with older forwarder versions that may require different configurations on indexer, forwarder, or both.

3.4 clients are not compatible or manageable with 4.x Deployment Server.

Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:23 PM

AutoLB functionality was introduced in 4.0, so indeed 3.4.x will not have that functionality.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...