Splunk Stream

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Troubleshooting

Splunk_TA_stream and Wire Data mod input not appearing after install

After installing Splunk App for Stream on Linux, with splunkd running as root, the Splunk_TA_stream directory does not appear in $SPLUNK_HOME/etc/apps, and the Wire Data modular input is not listed under Settings > Data Input.

Workaround:

1. Manually copy the Splunk_TA_stream directory located in splunk_app_stream/install. 

cd $SPLUNK_HOME/etc/apps
cp -r splunk_app_stream/install/Splunk_TA_stream

2. Manually re-create the .modinput on the stream forwarder: 

cd $SPLUNK_HOME/etc/apps/Splunk_TA_stream
touch darwin_x86_64/bin/.modinput linux_x86/bin/.modinput linux_x86_64/bin/.modinput

3. Restart Splunk Enterprise:

$SPLUNK_HOME/bin/splunk restart

Note: When you manually copy the Splunk_TA_stream directory, you must also setup a new Wire Data input using the Splunk UI:

1. Go to Settings > Data Inputs.

2. Click Wire Data.

3. Click New

4. For name, enter "streamfwd."

5. For Splunk App for Stream Location, enter "http://localhost:8000/en-us/custom/splunk_app_stream/."

5. Locate the "streamfwd" data input in the list, and click Enable.

The Wire Data (Stream Forwarder) data input is now enabled and begins to send event data to Splunk.

Last modified on 23 September, 2014
FAQ  

This documentation applies to the following versions of Splunk Stream: 6.0, 6.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters