All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.
Hardware and Software Requirements
The Splunk Data Stream Processor (DSP) officially supports the following hardware and software versions.
Forwarders versions
The Splunk Data Stream Processor officially supports Splunk Forwarders 7.0 and above.
Browser versions
The Splunk Data Stream Processor officially supports these browsers:
- Chrome 77.0 and above
- Safari (latest)
- Firefox (latest)
- Microsoft Edge 12 and above
Operating system versions
DSP will generally work on newer versions of Linux Operating Systems, but it is only officially tested on the OS versions available at the time of release. Any exceptions will be listed in the Known Issues.
DSP has been tested and validated on the following OS versions. In all cases, Linux kernel version 3.10.0-1127 or higher is required.
- Amazon Linux 2
- Centos: 7
- Centos 8 has reached end of life on December 31st, 2021. See CentOS Linux EOL for more information.
- Red Hat: 7 and 8
- Ubuntu: 20.04 or 22.04 LTS
Before you choose which operating system to install the Splunk Data Stream Processor on, review the Known Issues page. Some operating systems have known issues and might require workarounds to install and administer the Splunk Data Stream Processor successfully.
You cannot run the Splunk Data Stream Processor on any operating system with FIPS mode enabled.
Splunk Enterprise versions
The Data Stream Processor officially supports sending data to Splunk Enterprise 7.1.0+ instances hosted on Linux.
Hardware Requirements
Your clustered deployment must have a minimum of three nodes with each node having the following specifications. We recommend having five nodes for higher availability.
Hardware | Specifications |
---|---|
CPU cores | Minimum: 8 physical cores or 16 vCPUs
Recommended: 16 physical cores or 32 vCPUs |
CPU architecture | x86 (64-bit) |
Network speed | 10 Gb/s or higher |
Memory | 64 GB, 128 GB recommended |
Storage | Enough disk space in /var/lib/k0s to support 24 hours of data retention. 1 TB of storage recommended. This is where k0s stores containers and state information. See the Extract and run the Splunk Data Stream Processor installer section on the Install the Splunk Data Stream Processor topic for more information.
|
Storage type | The Splunk Data Stream Processor requires low latency storage. You should install the Splunk Data Stream Processor on SSDs.
|
To reduce the latency of communication between DSP components, all nodes in the DSP cluster should be interconnected via a low-latency network. For example, in cloud deployments, components must be placed in the same region and availability zone. DSP does not support multiple availability zones.
What's in the installer directory? | Port configuration requirements |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.4.4, 1.4.5
Feedback submitted, thanks!