TA Windows upgrade

New Member

Hi All,

I'm quite new to Splunk and I have a question regarding the upgrade for the TA Widows. Our infra consist of a SH cluster, index cluster, and universal forwarders.

At the moment the SH cluster has the TA version 5.0.1, indexers and universal forwarders have an old 4.8.4 version all seems to work just fine.

I now need to upgrade the TA to the version 6 and here comes my questions.

-  Would it be possible to still keep the old version and config on indexers and forwarders  ? From what I see most changes in v6 is the "merge" of the TA windows DNS and AD, for those change we need to copy indexes.conf and inputs.conf data from the DNS and AD app to the new TA Windows app. So if I'm correct if the indexer and forwarder still have the old apps the .conf file in those old app will still work and forward the logs right ? Am I missing other important changes that would need update or re-config ?

- if I can keep the old version will it work if I upgrade the indexer to Splunk 8 ? the version 4.8.4 is clearly not officially supported on Splunk 8 but as the indexer only use the Inputs.conf I suppose it will work right ? And the same for the universal forwarders ?

As I said I'm new to splunk so I maybe missed stuff... I want to keep those old version as I have a lot of stuff to do for the splunk 8 upgrade already so I'm trying to save time where I can and I will take care of this after the full upgrade to 8.

Thanks !

Labels (3)
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...