Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarder/Indexer compatibility with Intermediate Forwarders

jdmclemore
Path Finder
‎10-22-2020 11:26 AM

I've read all the compatibility matrix docs, but I'm not sure how my situation fits into it. Specifically compatibility when sending data through intermediate Heavy Forwarders.

Here's my current environment, and everything is working fine:

UF's (6.3.x - 7.x) ---> Intermediate HF's (7.3.6) ---> Indexer cluster (7.3.6)

I need to point my HF's at newly built 8.x indexers (not upgrading existing indexers - these are new indexers at a new location). Will I have a problem? 

I know that 6.x UFs cant send to 8.x indexers, but am I getting around the problem with a 7.x Intermediate HF? And yes, ideally I would like all UFs to be upgraded, but this situation is temporary.

Thanks!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎10-22-2020 12:07 PM

Hi jdmclemore,

Yes you will be fine using the 7.3.x intermediate HF's. But remember that you might have to change some SSL related settings on them if you have those 6.x UF's sending events over S2S using SSL see the docs here https://docs.splunk.com/Documentation/Forwarder/7.3.0/Forwarder/Compatibilitybetweenforwardersandind...

Hope that helps ...

cheers, MuS

View solution in original post

Reply
Solved! Jump to solution
Solution

MuS
Legend
‎10-22-2020 12:07 PM

Hi jdmclemore,

Yes you will be fine using the 7.3.x intermediate HF's. But remember that you might have to change some SSL related settings on them if you have those 6.x UF's sending events over S2S using SSL see the docs here https://docs.splunk.com/Documentation/Forwarder/7.3.0/Forwarder/Compatibilitybetweenforwardersandind...

Hope that helps ...

cheers, MuS

Reply
Solved! Jump to solution

jdmclemore
Path Finder
‎10-26-2020 07:26 AM

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...