Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarders to Intermediate Forwarders Compatibility

PramodhKumar
Explorer
‎02-26-2020 06:29 AM

Hi Chaps,

I have a confusion in selecting forwarder version to install.

Current Environment: I have 6 HF's(v6.5.1) forwarding the logs to Intermediate forwarders(v7.2.4) then to Indexers(v7.2.4).

Now I want to upgrade the HF's to latest version, so please suggest me on selecting the forwarder version to upgrade, I'm thinking to go with same version as Intermediate forwarder has(v7.2.4) but also thought why can't I go for v8.x.

If you provide the compatibility matrix(not this - https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/Compatibilitybetweenforwar... ) would be appriciated.

Thanks,
Pramodh B

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Legend
‎02-26-2020 06:53 AM

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Legend
‎02-26-2020 06:53 AM

Hi @PramodhKumar,
forwarders' version should be the same or lower than Indexers, in the past sometimes (Support hint to solve a bug) I used an higher version, but if possible it isn't a good practice (especially if we're speaking of 8 version)!
So if you're thinking to upgrade Indexers to 8.x.x, wait for completing the Indexers' upgrade then upgrade Forwarders to the same version.
If instead the upgrade to 8 of indexers is far from now, you could upgrade to the same Indexers' version 7.2.4.
My hint is waiting for a moment and upgrading all the infrastructure to the same latest version when possible.

Ciao.
Giuseppe

0 Karma
Reply
Solved! Jump to solution

PramodhKumar
Explorer
‎02-26-2020 11:23 AM

Thank you, really helps

0 Karma
Reply
Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...