Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarders to Intermediate Forwarders Compatibility

PramodhKumar
Explorer
‎02-26-2020 06:29 AM

Hi Chaps,

I have a confusion in selecting forwarder version to install.

Current Environment: I have 6 HF's(v6.5.1) forwarding the logs to Intermediate forwarders(v7.2.4) then to Indexers(v7.2.4).

Now I want to upgrade the HF's to latest version, so please suggest me on selecting the forwarder version to upgrade, I'm thinking to go with same version as Intermediate forwarder has(v7.2.4) but also thought why can't I go for v8.x.

If you provide the compatibility matrix(not this - https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... ) would be appriciated.

Thanks,
Pramodh B

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎02-26-2020 06:53 AM

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎02-26-2020 06:53 AM

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

PramodhKumar
Explorer
‎02-26-2020 11:23 AM

Thank you, really helps

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...