Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Forwarder to Indexer compatibility (legacy versions)

sarlacc
Explorer
‎10-12-2023 09:15 AM

I am aware of this site:  https://docs.splunk.com/Documentation/Splunk/7.2.10/Forwarding/Compatibilitybetweenforwardersandinde...

I have several simple Splunk implementations (all functions run on one server).  My indexers are a mixture of 6.5 and 6.6.

I plan on upgrading to 7.2.10 with the eventual goal of getting to the latest version.

First, I'd like to understand what forwarders can communicate with indexers.  The link above relates to 7.0.0 and later.  I'm at 6.5/6.6 as stated earlier.

Secondly, I know I need to upgrade splunk to various incremental versions before I get to 9.x.   What is the recommended path to upgrading to 9.x?  Since I'm 6.5 or 6.6, I believe my next is 7.2.10 (is that right?).  But what is the path after that?

Thanks for the help!

 

Labels (1)
Labels
0 Karma
Reply

sarlacc
Explorer
‎10-15-2023 03:45 PM

Thanks @richgalloway

I'm aware that best practice is indexers are same or later than forwarders (https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjR1urKjfmBA...)

 

While I won't leave it this way, would that mean I could leave forwarders at 6.6 while I do the upgrades on the indexers (to 9.1.1) in my environment?  And then when I have time I'll upgrade the forwarders?  I had in my mind that I would have to upgrade forwarders incrementally while I upgrade the indexer, but seems like that isn't the case.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-15-2023 05:07 PM

The upgrade sequence is Managers, Search Heads, Indexers, Forwarders.  Each layer must be at the same or higher version than the next layer.  Note that you may have to go through the sequence a few times to get everything up to the newest version while honoring step levels.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-12-2023 09:24 AM

After upgrading to 7.2.10, the next step is 8.2.5 then 9.x.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...