We're configured for 9.1 updates/apps, I recognize that 9.2.1 is a new (minor? major?) version, however 9.2 isn't listed as an option in the list. I'm guessing "Splunk...Latest" is probably what I want to be subscribed to although in a cursory search I also don't see 9.2.1 listed. Please advise :)
We have Splunk 9.2.1 in "Latest" update pls select one of the following
Splunk Universal Forwarder 9.2.1 Latest (x64)
Splunk Universal Forwarder 9.2.1 Latest (x86)
We'll also be investigating if 9.2 needs to be added as its own product, which I believe it will be!
Thanks to you both.
Splunk, at least ours, requires a lot of customization. I'm afraid to let it go latest because our infrastructure policies mean we can't go bleeding edge until a burn in period is over unless there's a critical vuln to mitigate—but also, no unnecessary changes for the sake of changes especially with agents.
But...every time a new minor version is a new app, I have to redo the customizations.
I suppose I should let it roll with latest and change how I'm deploying it? Maybe I'm overthinking it.
So if you are always going to the latest version of Splunk, ie: going from 9.1 to 9.2 when it is released, you should stick with latest. If you stick on a specific release for an extended period of time, choose that release instead, then move your customizations over.
You could also publish both, then pick and choose which one to deploy based on your needs, but that may get too complicated.
I can also confirm that we will be adding a separate entry for 9.2 to the catalog early next week.
Thanks Andrew.
I did go ahead and publish the latest version for testing. We never update agents in place so I suppose it won't hurt me to always let it do bleeding edge updates, splunk is just weird. 9 to 9.1 introduced breaking changes, which is probably why you have it as a separate app! Then they iterated 9.1.4 to 9.2 in less than a month.
Appreciate the responses!