Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Newest forwarders compatibility with older version of Splunk Enterprise

nessaner
Explorer
‎05-12-2024 12:22 PM

Hello, 
There is this old system where we want to upgrade splunk to the newest version
First we want to upgrade the forwarders on 3 test servers 
The current version of splunk universal forwarder is 7.0.3.0
We want to rise it to the 9.21
Would that version works for the time being with Splunk Enterprise 7.3.1?

I know it would be better first upgrade the enterprise, as best practice is to use indexers with versions that are the same or higher than forwarder versions. (but there is hesitation to upgrade indexers first, as it's used also for data from production)
But would it be possible to do forwarders first? 


Edit: Upgrade was succesfull 😄 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-12-2024 02:06 PM

Yes, it is possible to upgrade forwarders first.  As you've noted, that is contrary to the published procedures and may not work.  Also, Splunk version 7.3.1 is well outdated so there is no guidance about its compatibility with other versions.

This will be an interesting experiment.  Please let us know how it goes.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

nessaner
Explorer
‎05-13-2024 01:26 AM

Hi, we decided to create backups and just go for it.
It worked fine! After upgrade everything is indexing without any issues. Also no problem during upgrade from msi.
Thanks for giving us a little courage I guess. We decided to "experiment". For the greater good heh.

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-12-2024 02:06 PM

Yes, it is possible to upgrade forwarders first.  As you've noted, that is contrary to the published procedures and may not work.  Also, Splunk version 7.3.1 is well outdated so there is no guidance about its compatibility with other versions.

This will be an interesting experiment.  Please let us know how it goes.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...