Integrate Splunk Stream with Splunk Enterprise Security
Splunk Enterprise Security integrates with Splunk Stream to capture and analyze network traffic data. Splunk Stream includes an app (splunk_app_stream) that you install on a search head and two forwarding options.
- Install the Splunk App for Stream on the Splunk Enterprise Security search head.
- For a Splunk Enterprise deployment, see Splunk Stream on-premise deployment architecture in the Splunk Stream Installation and Configuration manual.
- For a Splunk Cloud Platform deployment, see Splunk Stream for Cloud deployment architecture in the Splunk Stream Installation and Configuration Manual.
- Activate the configuration template for Splunk Enterprise Security on the Splunk Stream forwarder that you use. You can use the Splunk Add-on for Stream (Splunk_TA_stream) or the independent Stream forwarder.
Use Stream in Splunk Enterprise Security
After setting up Splunk Stream, you can start a Stream capture job as a result of a detection. You can also start a stream capture job from a finding on the Mission Control page. You can view and analyze Stream data events captured in Splunk Enterprise Security on the Protocol Intelligence dashboards.
See also
For more information on using Stream in Splunk Enterprise Security, see the product documentation:
- Start a stream capture with Splunk Stream in Administer Splunk Enterprise Security.
- Protocol Intelligence dashboards in 'Use Splunk Enterprise Security.
Deploy technology add-ons to Splunk Enterprise Security | Configure and deploy indexes for Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1
Feedback submitted, thanks!