Knowledge Management

Are there any dangers to our Splunk Infrastructure with running old apps that haven't been updated for Splunk 6.x?

coleman07
Path Finder

We are getting requests for apps which haven't been updated since Splunk went from 5.x to 6.x. Besides the fact the app may not run (not an issue with this particular app), is there any reason to believe that such an app would impact our splunk infrastructure because it is a 5.x app? I know some apps will cause performance issues because they have poorly designed searches or didn't use such things like summary indexes. I would argue that even Splunk 6 apps could cause similar issues.

woodcock
Esteemed Legend

The main thing is that the app might not run correctly because Splunk has moved some stuff around. For examples some logs have changed format and location (they added _introspection), etc. Personally, I would have no concerns about an older app causing a problem with your Splunk cluster, and have never seen one do so, but this is a big judgment call so i would get some other opinions.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...