Splunk® Data Stream Processor

Install and administer the Data Stream Processor

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Hardware and Software Requirements

The Splunk Data Stream Processor (DSP) officially supports the following hardware and software versions.

Forwarders versions

The Splunk Data Stream Processor officially supports Splunk Forwarders 7.0 to 8.1.x.

Browser versions

The Splunk Data Stream Processor officially supports these browsers:

  • Chrome 77.0 and above
  • Safari (latest)
  • Firefox (latest)
  • Microsoft Edge 12 and above

Operating system versions

The Splunk Data Stream Processor officially supports the following Linux Operating Systems.

  • Amazon Linux 2
  • Centos: 7.x and 8.0, 8.1, and 8.2
  • Red Hat: 7.x and 8.0, 8.1, 8.2, and 8.3.
  • Ubuntu: 16.04, 18.04

Before you choose which operating system to install the Splunk Data Stream Processor on, review the Known Issues page. Some operating systems have known issues and might require workarounds to install and administer the Splunk Data Stream Processor successfully.

You cannot run the Splunk Data Stream Processor on any operating system with FIPS mode enabled.

Splunk Enterprise versions

The Data Stream Processor officially supports sending data to Splunk Enterprise 7.1.0+ instances hosted on Linux.

Hardware Requirements

Your clustered deployment must have a minimum of three nodes with each node having the following specifications. We recommend having five nodes for higher availability.

Hardware Specifications
CPU cores Minimum: 8 physical cores or 16 vCPUs

Recommended: 16 physical cores or 32 vCPUs

Network speed 10 Gb/s or higher
Memory 64 GB, 128 GB recommended
Storage Enough disk space in /var/lib/gravity to support 24 hours of data retention. 1 TB of storage recommended. This is where Gravity stores containers and state information. You can change where Gravity stores this information at install-time. See the Extract and run the Splunk Data Stream Processor installer section on the Install the Splunk Data Stream Processor topic for more information.
Storage type The Splunk Data Stream Processor requires low latency storage. You should install the Splunk Data Stream Processor on SSDs.


Additionally, each master node that the Splunk Data Stream Processor is installed on must provide at least 10 sequential write IOPS, although at least 50 is recommended.

To reduce the latency of communication between DSP components, all nodes in the DSP cluster should be interconnected via a low-latency network. For example, in cloud deployments, components must be placed in the same region and availability zone. DSP does not support multiple availability zones.

Last modified on 06 August, 2021
PREVIOUS
What's in the installer directory?
  NEXT
Port configuration requirements

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters