- Community
- :
- Splunk Answers
- :
- Splunk Premium Solutions
- :
- IT Ops Premium Solutions
- :
- Splunk IT Service Intelligence
- :
- Forwarders to Intermediate Forwarders Compatibilit...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Chaps,
I have a confusion in selecting forwarder version to install.
Current Environment: I have 6 HF's(v6.5.1) forwarding the logs to Intermediate forwarders(v7.2.4) then to Indexers(v7.2.4).
Now I want to upgrade the HF's to latest version, so please suggest me on selecting the forwarder version to upgrade, I'm thinking to go with same version as Intermediate forwarder has(v7.2.4) but also thought why can't I go for v8.x.
If you provide the compatibility matrix(not this - https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... ) would be appriciated.
Thanks,
Pramodh B
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Thank you, really helps
It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!
Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>
Or Learn More in Our Blog >>
