Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is my Splunk 4.1 Indexer fully backwards compatable with older forwarders?

kbecker
Communicator
‎04-14-2010 03:31 PM

Is Splunk 4.1 (indexer & search) still compatible with 3.4.11 forwarders? Is so are there any features in 4.1 that would not function when using the 3.4.11 forwarders, such as Real-Time search or Live Dashboards?

  • Indexer - 4.09 (looking to upgrade to 4.1)
  • Search - 4.09 (looking to upgrade to 4.1)
  • Deployment - 3.4.11
  • Forwarder - 3.4.11 (lightweight)

Thanks

Tags (1)
Reply
2 Solutions
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-14-2010 06:00 PM

Yes, Splunk 3.4 will forward fine to 4.1 and this is a supported configuration.

All indexer functionality and search functionality will work identically and the indexer is indifferent to the version of the forwarder, although I am not certain if 3.4.11 Light Forwarders can do autoLB (to distribute data across multiple indexer nodes). There may be some issues regarding proper detection of multi-byte character sets with older forwarder versions that may require different configurations on indexer, forwarder, or both.

3.4 clients are not compatible or manageable with 4.x Deployment Server.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:27 PM

The short version is 3.4.x forwarders should work just as well with 4.1.x as they did with 4.0.x. If you are upgrading indexers or other central service nodes (deployment server, search head, etc) from 3.x, please read http://www.splunk.com/base/Documentation/4.0.10/Installation/Whattoexpectwhenupgradingto4.0 and http://docs.splunk.com/Documentation/Splunk/4.1/Installation/Aboutupgradingto4.1READTHISFIRST

If you are upgrading your central nodes from 4.0.x to 4.1.x, there should be no changes in interoperation between forwarders and those central nodes.

Real-time search is implemented wholly on the indexing (and search head and UI) side. The forwarder is not involved.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:27 PM

The short version is 3.4.x forwarders should work just as well with 4.1.x as they did with 4.0.x. If you are upgrading indexers or other central service nodes (deployment server, search head, etc) from 3.x, please read http://www.splunk.com/base/Documentation/4.0.10/Installation/Whattoexpectwhenupgradingto4.0 and http://docs.splunk.com/Documentation/Splunk/4.1/Installation/Aboutupgradingto4.1READTHISFIRST

If you are upgrading your central nodes from 4.0.x to 4.1.x, there should be no changes in interoperation between forwarders and those central nodes.

Real-time search is implemented wholly on the indexing (and search head and UI) side. The forwarder is not involved.

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎04-14-2010 06:00 PM

Yes, Splunk 3.4 will forward fine to 4.1 and this is a supported configuration.

All indexer functionality and search functionality will work identically and the indexer is indifferent to the version of the forwarder, although I am not certain if 3.4.11 Light Forwarders can do autoLB (to distribute data across multiple indexer nodes). There may be some issues regarding proper detection of multi-byte character sets with older forwarder versions that may require different configurations on indexer, forwarder, or both.

3.4 clients are not compatible or manageable with 4.x Deployment Server.

Reply
Solved! Jump to solution

jrodman
Splunk Employee
Splunk Employee
‎04-14-2010 06:23 PM

AutoLB functionality was introduced in 4.0, so indeed 3.4.x will not have that functionality.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...