Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarders to Intermediate Forwarders Compatibility

PramodhKumar
Explorer
‎02-26-2020 06:29 AM

Hi Chaps,

I have a confusion in selecting forwarder version to install.

Current Environment: I have 6 HF's(v6.5.1) forwarding the logs to Intermediate forwarders(v7.2.4) then to Indexers(v7.2.4).

Now I want to upgrade the HF's to latest version, so please suggest me on selecting the forwarder version to upgrade, I'm thinking to go with same version as Intermediate forwarder has(v7.2.4) but also thought why can't I go for v8.x.

If you provide the compatibility matrix(not this - https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... ) would be appriciated.

Thanks,
Pramodh B

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-26-2020 06:53 AM

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-26-2020 06:53 AM

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

PramodhKumar
Explorer
‎02-26-2020 11:23 AM

Thank you, really helps

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...