On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
Hardware and Software Requirements
The Splunk Data Stream Processor (DSP) officially supports the following hardware and software versions.
Forwarders versions
The Splunk Data Stream Processor officially supports Splunk Forwarders 7.0 to 8.1.x.
Browser versions
The Splunk Data Stream Processor officially supports these browsers:
- Chrome 77.0 and above
- Safari (latest)
- Firefox (latest)
- Microsoft Edge 12 and above
Operating system versions
DSP will generally work on newer versions of Linux Operating Systems, but it is only officially tested on the OS versions available at the time of release. Any exceptions will be listed in the Known Issues.
DSP has been tested and validated on the following OS versions. In all cases, Linux kernel version 3.10.0-1127 or higher is required.
- Amazon Linux 2
- Centos: 7.x and 8.0, 8.1, and 8.2
- Red Hat: 7.x and 8.0, 8.1, 8.2, and 8.3.
- Ubuntu: 16.04, 18.04
Before you choose which operating system to install the Splunk Data Stream Processor on, review the Known Issues page. Some operating systems have known issues and might require workarounds to install and administer the Splunk Data Stream Processor successfully.
You cannot run the Splunk Data Stream Processor on any operating system with FIPS mode enabled.
Splunk Enterprise versions
The Data Stream Processor officially supports sending data to Splunk Enterprise 7.1.0+ instances hosted on Linux.
Hardware Requirements
Your clustered deployment must have a minimum of three nodes with each node having the following specifications. We recommend having five nodes for higher availability.
Hardware | Specifications |
---|---|
CPU cores | Minimum: 8 physical cores or 16 vCPUs
Recommended: 16 physical cores or 32 vCPUs |
CPU architecture | x86 (64-bit) |
Network speed | 10 Gb/s or higher |
Memory | 64 GB, 128 GB recommended |
Storage | Enough disk space in /var/lib/gravity to support 24 hours of data retention. 1 TB of storage recommended. This is where Gravity stores containers and state information. You can change where Gravity stores this information at install-time. See the Extract and run the Splunk Data Stream Processor installer section on the Install the Splunk Data Stream Processor topic for more information.
|
Storage type | The Splunk Data Stream Processor requires low latency storage. You should install the Splunk Data Stream Processor on SSDs.
|
To reduce the latency of communication between DSP components, all nodes in the DSP cluster should be interconnected via a low-latency network. For example, in cloud deployments, components must be placed in the same region and availability zone. DSP does not support multiple availability zones.
What's in the installer directory? | Port configuration requirements |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1, 1.2.2-patch02
Feedback submitted, thanks!