Installation
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is my Splunk 4.1 Indexer fully backwards compatable with older forwarders?

kbecker
Communicator
‎04-14-2010 03:31 PM

Is Splunk 4.1 (indexer & search) still compatible with 3.4.11 forwarders? Is so are there any features in 4.1 that would not function when using the 3.4.11 forwarders, such as Real-Time search or Live Dashboards?

  • Indexer - 4.09 (looking to upgrade to 4.1)
  • Search - 4.09 (looking to upgrade to 4.1)
  • Deployment - 3.4.11
  • Forwarder - 3.4.11 (lightweight)

Thanks

Tags (1)
Reply
2 Solutions
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-14-2010 06:00 PM

Yes, Splunk 3.4 will forward fine to 4.1 and this is a supported configuration.

All indexer functionality and search functionality will work identically and the indexer is indifferent to the version of the forwarder, although I am not certain if 3.4.11 Light Forwarders can do autoLB (to distribute data across multiple indexer nodes). There may be some issues regarding proper detection of multi-byte character sets with older forwarder versions that may require different configurations on indexer, forwarder, or both.

3.4 clients are not compatible or manageable with 4.x Deployment Server.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:27 PM

The short version is 3.4.x forwarders should work just as well with 4.1.x as they did with 4.0.x. If you are upgrading indexers or other central service nodes (deployment server, search head, etc) from 3.x, please read http://www.splunk.com/base/Documentation/4.0.10/Installation/Whattoexpectwhenupgradingto4.0 and http://docs.splunk.com/Documentation/Splunk/4.1/Installation/Aboutupgradingto4.1READTHISFIRST

If you are upgrading your central nodes from 4.0.x to 4.1.x, there should be no changes in interoperation between forwarders and those central nodes.

Real-time search is implemented wholly on the indexing (and search head and UI) side. The forwarder is not involved.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:27 PM

The short version is 3.4.x forwarders should work just as well with 4.1.x as they did with 4.0.x. If you are upgrading indexers or other central service nodes (deployment server, search head, etc) from 3.x, please read http://www.splunk.com/base/Documentation/4.0.10/Installation/Whattoexpectwhenupgradingto4.0 and http://docs.splunk.com/Documentation/Splunk/4.1/Installation/Aboutupgradingto4.1READTHISFIRST

If you are upgrading your central nodes from 4.0.x to 4.1.x, there should be no changes in interoperation between forwarders and those central nodes.

Real-time search is implemented wholly on the indexing (and search head and UI) side. The forwarder is not involved.

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-14-2010 06:00 PM

Yes, Splunk 3.4 will forward fine to 4.1 and this is a supported configuration.

All indexer functionality and search functionality will work identically and the indexer is indifferent to the version of the forwarder, although I am not certain if 3.4.11 Light Forwarders can do autoLB (to distribute data across multiple indexer nodes). There may be some issues regarding proper detection of multi-byte character sets with older forwarder versions that may require different configurations on indexer, forwarder, or both.

3.4 clients are not compatible or manageable with 4.x Deployment Server.

Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:23 PM

AutoLB functionality was introduced in 4.0, so indeed 3.4.x will not have that functionality.

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top