Splunk Enterprise

Forwarder/Indexer compatibility with Intermediate Forwarders

jdmclemore
Path Finder

I've read all the compatibility matrix docs, but I'm not sure how my situation fits into it. Specifically compatibility when sending data through intermediate Heavy Forwarders.

Here's my current environment, and everything is working fine:

UF's (6.3.x - 7.x) ---> Intermediate HF's (7.3.6) ---> Indexer cluster (7.3.6)

I need to point my HF's at newly built 8.x indexers (not upgrading existing indexers - these are new indexers at a new location). Will I have a problem? 

I know that 6.x UFs cant send to 8.x indexers, but am I getting around the problem with a 7.x Intermediate HF? And yes, ideally I would like all UFs to be upgraded, but this situation is temporary.

Thanks!

Labels (1)
0 Karma
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi jdmclemore,

Yes you will be fine using the 7.3.x intermediate HF's. But remember that you might have to change some SSL related settings on them if you have those 6.x UF's sending events over S2S using SSL see the docs here https://docs.splunk.com/Documentation/Forwarder/7.3.0/Forwarder/Compatibilitybetweenforwardersandind...

Hope that helps ...

cheers, MuS

View solution in original post

MuS
SplunkTrust
SplunkTrust

Hi jdmclemore,

Yes you will be fine using the 7.3.x intermediate HF's. But remember that you might have to change some SSL related settings on them if you have those 6.x UF's sending events over S2S using SSL see the docs here https://docs.splunk.com/Documentation/Forwarder/7.3.0/Forwarder/Compatibilitybetweenforwardersandind...

Hope that helps ...

cheers, MuS

jdmclemore
Path Finder

Thanks!

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...