Splunk ITSI

Forwarders to Intermediate Forwarders Compatibility

PramodhKumar
Explorer

Hi Chaps,

I have a confusion in selecting forwarder version to install.

Current Environment: I have 6 HF's(v6.5.1) forwarding the logs to Intermediate forwarders(v7.2.4) then to Indexers(v7.2.4).

Now I want to upgrade the HF's to latest version, so please suggest me on selecting the forwarder version to upgrade, I'm thinking to go with same version as Intermediate forwarder has(v7.2.4) but also thought why can't I go for v8.x.

If you provide the compatibility matrix(not this - https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... ) would be appriciated.

Thanks,
Pramodh B

Labels (2)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

0 Karma

PramodhKumar
Explorer

Thank you, really helps

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...