Splunk® Data Stream Processor

Use the Data Stream Processor

DSP 1.2.0 is impacted by the CVE-2021-44228 and CVE-2021-45046 security vulnerabilities from Apache Log4j. To fix these vulnerabilities, you must upgrade to DSP 1.2.4. See Upgrade the Splunk Data Stream Processor to 1.2.4 for upgrade instructions.

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

About the Streaming ML Plugin

The Streaming ML plugin offers a machine-learning powered data ingestion experience with a range of functions that perform in-flight data analysis. Using real time machine learning, models are constantly updated. Trained models both learn on the stream and score on the stream.

You must install the Streaming ML plugin to access these functions.

Streaming ML functions are orders of magnitude faster than alternative approaches to machine learning. On average, these functions process up to 10K records per second (approximately 150 GB per day). Higher throughput volumes may experience some delay.

What the plugin includes

The Streaming ML plugin offers several streaming functions and two aggregation functions.

All Streaming ML functions are currently in beta.

Streaming functions:

Aggregation functions:

How to install the Streaming ML plugin

Use the following directions to install the Streaming ML plugin for your .


  • version 1.2 (and above) on-prem is installed on the machine.
  • The machine is configured with SCloud command-line tool.

To learn about SCloud, see Get started with SCloud.

Installation steps

  1. On the master node of the cluster or on a single instance machine, navigate to the working directory.
    cd <dsp-folder-name>
  2. Run the "deploy-ml-plugin" command to install the plugin. You must run the command with root permission.
  3. You will be prompted to enter the administrator password for your .
    Please enter DSP password:
  4. Once you enter the password and installation is complete, a success message appears:
    [OK] Splunk Streaming ML Plugin is uploaded successfully!
  5. Reload the browser page and the Streaming ML functions appear.

Uninstall the plugin

To uninstall the Streaming ML plugin, run the command with a -d option.

The following example shows the command with a -d option:

sudo ./deploy-ml-plugin -d

Once the uninstall is complete, a success message appears:

[OK] Plugin deleted: 4b4b921a-5455-4bd0-8878-f0920d48c333.
Last modified on 07 October, 2021
Troubleshoot lookups to the Splunk Enterprise KV Store   Create custom functions with the SDK

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters