Splunk® Data Stream Processor

Install and administer the Data Stream Processor

Acrobat logo Download manual as PDF


DSP 1.2.0 is impacted by the CVE-2021-44228 and CVE-2021-45046 security vulnerabilities from Apache Log4j. To fix these vulnerabilities, you must upgrade to DSP 1.2.4. See Upgrade the Splunk Data Stream Processor to 1.2.4 for upgrade instructions.

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Hardware and Software Requirements

The Splunk Data Stream Processor (DSP) officially supports the following hardware and software versions.

Forwarders versions

The Splunk Data Stream Processor officially supports Splunk Forwarders 7.0 to 8.0.5.

Browser versions

The Splunk Data Stream Processor officially supports these browsers:

  • Chrome 77.0 and above
  • Safari (latest)
  • Firefox (latest)
  • Microsoft Edge 12 and above

Operating system versions

The Splunk Data Stream Processor officially supports the following Linux Operating Systems. In all cases, Linux kernel version 3.10.0-1127 or higher is required.

  • Amazon Linux 2
  • Centos: 7.x and 8.0, 8.1, and 8.2
  • Red Hat: 7.x and 8.0, 8.1, and 8.2
  • Ubuntu: 16.04, 18.04

You cannot run the Splunk Data Stream Processor on any operating system with FIPS mode enabled.

Splunk Enterprise versions

The Data Stream Processor officially supports sending data to Splunk Enterprise 7.1.0+ instances hosted on Linux.

Hardware Requirements

Your clustered deployment must have a minimum of three nodes with each node having the following specifications. We recommend having five nodes for high availability.

Hardware Specifications
CPU cores Minimum: 8 physical cores or 16 vCPUs

Recommended: 16 physical cores or 32 vCPUs

CPU architecture x86 (64-bit)
Network speed 10 Gb/s or higher
Memory 64 GB, 128 GB recommended
Storage Enough disk space in /var/lib/gravity to support 24 hours of data retention. 1 TB of storage recommended. This is where Gravity stores containers and state information. You can change where Gravity stores this information at install-time. See the Extract and run the Data Stream Processor installer section on the Install the Data Stream Processor topic for more information.

To reduce the latency of communication between DSP components, all nodes in the DSP cluster should be interconnected via a low-latency network. For example, in cloud deployments, components must be placed in the same region and availability zone. DSP does not support multiple availability zones.

Last modified on 11 March, 2022
PREVIOUS
What's in the installer directory?
  NEXT
Port configuration requirements

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.1.0, 1.2.0, 1.2.1-patch02


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters