Getting Data In

HTTP Event Collector: Can I set up a farm of Splunk 6.3 forwarders and send them to to 6.1 indexers?

a212830
Champion

Hi,

I have customers interested in using the HTTP event collector, but I'm still running 6.1 indexers and search heads. Can I set up a farm of 6.3 forwarders and send them to 6.1 indexers?

0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

Hi folks

We've just added new documentation on distributed deployment. You can find it here.

gblock_splunk
Splunk Employee
Splunk Employee

Yes you can have 6.3 Event Collector instances which forward to 6.2. In the configuration of EC you can select an output group for it to forward to. The receiving indexers do not have to be 6.3.

As to the UF, it is not supported today, though it may work. Only HWF is supported from a forwarder perspective.

0 Karma

sloshburch
Splunk Employee
Splunk Employee

http://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
http://docs.splunk.com/Documentation/Splunk/latest/admin/Inputsconf

I'm not seeing anything that says that the functionality does not exist on [universal] forwarders but haven't tried. I'd say give it a try and see? You can run a curl command against it to see if it catches your http request.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...