Splunk® Data Stream Processor

Install and administer the Data Stream Processor

DSP 1.2.1 is impacted by the CVE-2021-44228 and CVE-2021-45046 security vulnerabilities from Apache Log4j. To fix these vulnerabilities, you must upgrade to DSP 1.2.4. See Upgrade the Splunk Data Stream Processor to 1.2.4 for upgrade instructions.

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

Hardware and Software Requirements

The Splunk Data Stream Processor (DSP) officially supports the following hardware and software versions.

Forwarders versions

The Splunk Data Stream Processor officially supports Splunk Forwarders 7.0 to 8.1.x.

Browser versions

The Splunk Data Stream Processor officially supports these browsers:

  • Chrome 77.0 and above
  • Safari (latest)
  • Firefox (latest)
  • Microsoft Edge 12 and above

Operating system versions

DSP will generally work on newer versions of Linux Operating Systems, but it is only officially tested on the OS versions available at the time of release. Any exceptions will be listed in the Known Issues.

DSP has been tested and validated on the following OS versions. In all cases, Linux kernel version 3.10.0-1127 or higher is required.

  • Amazon Linux 2
  • Centos: 7.x and 8.0, 8.1, and 8.2
  • Red Hat: 7.x and 8.0, 8.1, 8.2, and 8.3.
  • Ubuntu: 16.04, 18.04

Before you choose which operating system to install the Splunk Data Stream Processor on, review the Known Issues page. Some operating systems have known issues and might require workarounds to install and administer the Splunk Data Stream Processor successfully.

You cannot run the Splunk Data Stream Processor on any operating system with FIPS mode enabled.

Splunk Enterprise versions

The Data Stream Processor officially supports sending data to Splunk Enterprise 7.1.0+ instances hosted on Linux.

Hardware Requirements

Your clustered deployment must have a minimum of three nodes with each node having the following specifications. We recommend having five nodes for higher availability.

Hardware Specifications
CPU cores Minimum: 8 physical cores or 16 vCPUs

Recommended: 16 physical cores or 32 vCPUs

CPU architecture x86 (64-bit)
Network speed 10 Gb/s or higher
Memory 64 GB, 128 GB recommended
Storage Enough disk space in /var/lib/gravity to support 24 hours of data retention. 1 TB of storage recommended. This is where Gravity stores containers and state information. You can change where Gravity stores this information at install-time. See the Extract and run the Splunk Data Stream Processor installer section on the Install the Splunk Data Stream Processor topic for more information.
Storage type The Splunk Data Stream Processor requires low latency storage. You should install the Splunk Data Stream Processor on SSDs.


Additionally, each master node that the Splunk Data Stream Processor is installed on must provide at least 10 sequential write IOPS, although at least 50 is recommended.

To reduce the latency of communication between DSP components, all nodes in the DSP cluster should be interconnected via a low-latency network. For example, in cloud deployments, components must be placed in the same region and availability zone. DSP does not support multiple availability zones.

Last modified on 11 March, 2022
What's in the installer directory?   Port configuration requirements

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1, 1.2.2-patch02


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters