- Splunk Answers
- :
- Splunk Platform Products
- :
- Splunk Cloud Platform
- :
- Splunk Cloud Upgrade
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Cloud Upgrade
Hi All,
We are running with Splunk Cloud 7.2.9.1 version in our environment. And now we are planning to upgrade the same to 8.0. and above version.
So I have logged a ticket to Splunk Support for upgrading the core Splunk Cloud they said to review the Cloud Monitoring Console App installed in the Search head and then have navigated to Splunk Upgrade Dashboard.
Splunk App Compatibility Summary
Forwarder Compatibility
Forwarder Count by Status
Here in the Forwarder Count by Status i can see under Provisional some 10 client machines and in Upgrade Needed i can see around 20 client machines.
So when i viewed the list i came to know that most of the servers are Windows 2003 OS and they are running with Splunk Forwarder version of 6.2.15 and few of them are RHEL 5 (5.11) running with 6.5.1 Splunk Forwarder version.
So as of now teams are working to decommission this old servers but it might take few months but still I want to know If we upgrade the core Splunk Cloud to 8.0 and above will be the client machines running with OS (Win2k3 & RHEL 5 (5.11)) and Splunk Forwarder versions (6.2.15 & 6.5.1) are able to ingest logs into Splunk Cloud without any issues?
Kindly help to know on my request.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The documentation on supported forwarders for SplunkCloud (https://docs.splunk.com/Documentation/SplunkCloud/8.0.2004/Service/SplunkCloudservice#Supported_Forw...) states that the minimum supported forwarder version for a 8.0 cloud stack is 7.2.x (Until October 2020) which means strictly speaking anything less than that currently isnt supported.
Having said that, there is obviously a difference between what is *supported* and what *works*....
This page on compatibility between forwarders and indexers (https://docs.splunk.com/Documentation/Forwarder/8.0.5/Forwarder/Compatibilitybetweenforwardersandind...) suggests that you will need at least a version 7.x forwarder to send to SplunkCloud.
If its not possible to upgrade your 6.x instances, whilst not necessarily best practice, you may be able to use an Intermediary Forwarder running 7.3 to receive your 6.x traffic and send on to Splunk Cloud running 8.x
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
