Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal Forwarder version 9 issues with 8.2.7 indexers and forwarders?

ITSplunk117
Explorer
‎06-28-2023 05:04 AM

Hello,

We're looking to upgrade our universal forwarder to version 9.x and since I haven't found anything definitive yet I wanted to ask on here if there's any issues, I should be aware of with UF v9.x and v. 8.2.7 indexers and forwarders.

thanks

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎06-28-2023 05:27 AM

Hi @ITSplunk117 ,

as @richgalloway said, it's always a best practice to have on the Indexers the same or higher version of the Forwarders, so, don't upgrade your Forwarders until you upgraded Indexers.

About know issue, there isn't anything about the required upgrade.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

ITSplunk117
Explorer
‎06-28-2023 05:33 AM

Thank you,
I have seen that page, wondering if there was any more detailed document(s) about compatibility issues.  Was told to research this and just have to try looking into it further.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎06-28-2023 05:48 AM

Hi @ITSplunk117,

in tis page it's described the compatibility map between Indexers and Forwarders https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... and it seems that it's possible to have an higher version of the Forwarder than the Indexer, and probably they will run.

But it's also written: "As a best practice, forwarders should communicate with indexers that are the same or higher version."

As me and @richgalloway said.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎06-28-2023 05:27 AM

Hi @ITSplunk117 ,

as @richgalloway said, it's always a best practice to have on the Indexers the same or higher version of the Forwarders, so, don't upgrade your Forwarders until you upgraded Indexers.

About know issue, there isn't anything about the required upgrade.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

ITSplunk117
Explorer
‎06-28-2023 05:36 AM

That'll work for me thank you.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎06-28-2023 05:19 AM

I prefer to keep each tier at a lower-or-equal version than the higher tier, but that's not much of a factor with UFs.  Have you seen https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... ?

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...